...
Verify that you have Contributor permission on the Azure Key Vault instance that you want to use to back the secret scope.
Go to https://<your_azure_databricks_url>#secrets/createScope (for example, https://westus.azuredatabricks.net#secrets/createScope). This URL is case sensitive; the S of Scope in createScope must be uppercase.
Enter the name of the secret scope. Secret scope names are case insensitive.
Use the Manage Principal drop-down to specify whether All Users have MANAGE permission for this secret scope or only the Creator of the secret scope (that is to say, you).
MANAGE permission allows users to read and write to this secret scope, and, in the case of accounts on the Azure Databricks Premium Plan, to change permissions for the scope.
Your account must have the Azure Databricks Premium Plan for you to be able to select Creator. This is the recommended approach: grant MANAGE permission to the Creator when you create the secret scope, and then assign more granular access permissions after you have tested the scope. For an example workflow, see Secret workflow example.
If your account has the Standard Plan, you must set the MANAGE permission to the “All Users” group. If you select Creator here, you will see an error message when you try to save the scope.
For more information about the MANAGE permission, see Secret access control.
Enter the DNS Name (for example, https://databrickskv.vault.azure.net/) and Resource ID (for example, /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/databricks-rg/providers/Microsoft.KeyVault/vaults/databricksKV).
These properties are available from the Properties tab of an Azure Key Vault in your Azure portal.
Click the Create button.
Use the Databricks CLI databricks secrets list-scopes command to verify that the scope was created successfully.
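Before clicking Create, it is worth confirming that the DNS Name and Resource ID you copied from the Properties tab refer to the same vault, so the scope is not backed by a vault other than the one you checked permissions on. The following pre-flight check is an added example, not part of the Databricks documentation or tooling; the function name check_scope_backend is hypothetical, and the sample values are constructed. It assumes the public Azure cloud DNS suffix and the standard Key Vault naming rules.

```python
import re
from urllib.parse import urlparse

# Assumption: public Azure cloud; sovereign clouds use other DNS suffixes.
VAULT_DNS_SUFFIX = ".vault.azure.net"
RESOURCE_ID_RE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)"
    r"/resourcegroups/(?P<rg>[^/]+)"
    r"/providers/microsoft\.keyvault/vaults/(?P<vault>[^/]+)/?$",
    re.IGNORECASE,
)
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)
# Key Vault names: 3-24 chars, letters/digits/hyphens, start with a letter,
# end with a letter or digit, no consecutive hyphens.
VAULT_NAME_RE = re.compile(r"^[a-z](?!.*--)[a-z0-9-]{1,22}[a-z0-9]$", re.IGNORECASE)


def check_scope_backend(dns_name, resource_id):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    url = urlparse(dns_name.strip())
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        problems.append("DNS name must be an https:// URL")
    if url.path not in ("", "/") or url.query or url.fragment:
        problems.append("DNS name must be the vault root, with no path or query")
    if not host.endswith(VAULT_DNS_SUFFIX):
        problems.append(f"DNS host does not end with {VAULT_DNS_SUFFIX}")
    dns_vault = host[: -len(VAULT_DNS_SUFFIX)] if host.endswith(VAULT_DNS_SUFFIX) else ""

    m = RESOURCE_ID_RE.match(resource_id.strip())
    if not m:
        problems.append("Resource ID is not a Microsoft.KeyVault/vaults resource path")
        return problems
    if not GUID_RE.match(m["sub"]):
        problems.append("subscription segment is not a GUID")
    if not VAULT_NAME_RE.match(m["vault"]):
        problems.append("vault name violates Key Vault naming rules")
    # Azure resource names are case-insensitive, so compare in lower case.
    if dns_vault and dns_vault != m["vault"].lower():
        problems.append(f"DNS name points at '{dns_vault}' but Resource ID names '{m['vault']}'")
    return problems


if __name__ == "__main__":
    # Constructed sample: all-zero subscription GUID, vault name from the step above.
    rid = "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/databricks-rg/providers/Microsoft.KeyVault/vaults/databricksKV"
    print(check_scope_backend("https://databrickskv.vault.azure.net/", rid))
```

The literal xxxxxxxx-xxxx-... placeholder from the step above is reported as an invalid subscription GUID, which is the intended behavior for an unfilled value.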
...