Skip to main content

Lakebase Token Management

Implement cached workspace and Lakebase credential token flows for secure Postgres access in off-platform deployments.

Lakebase Token Management preview

Build with AI

  1. Copy the prompt below
  2. Paste into Cursor, Claude Code, Codex, or any coding agent
  3. Your agent builds it — asking questions along the way so the result is exactly what you want

New to templates? Learn more here

When done, you will have:

  • A token manager that fetches and caches Lakebase Postgres credentials with automatic refresh before expiry
  • Support for direct token auth (local development) and M2M OAuth (production)
  • An optional local dev script for refreshing your workspace token in your env file

Prerequisites

This template fetches and caches Lakebase Postgres credentials from a Node.js process. Verify these Databricks workspace features are enabled before starting.

  • Lakebase Postgres available. Run databricks postgres list-projects --profile <PROFILE> and confirm the command succeeds. A not enabled error means Lakebase is not available to this identity.
  • A provisioned Lakebase project. Complete the Create a Lakebase Instance template first so you have a LAKEBASE_ENDPOINT resource path to pass to the credentials API.
  • An env management setup. Complete the Lakebase Env Management for Off-Platform Apps template first — this template imports the validated env module and expects DATABRICKS_HOST, LAKEBASE_ENDPOINT, and either DATABRICKS_TOKEN or DATABRICKS_CLIENT_ID + DATABRICKS_CLIENT_SECRET to be set.