encryption_keys
Operations on an encryption_keys resource.
Overview
Name | encryption_keys |
Type | Resource |
Id | databricks_account.provisioning.encryption_keys |
Fields
Name | Datatype |
---|---|
account_id | string |
aws_key_info | object |
creation_time | integer |
customer_managed_key_id | string |
use_cases | array |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get | SELECT | account_id, customer_managed_key_id | Gets a customer-managed key configuration object for an account, specified by ID. This operation uploads a reference to a customer-managed key to Databricks. If assigned as a workspace's customer-managed key for managed services, Databricks uses the key to encrypt the workspace's notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If it is specified as a workspace's customer-managed key for storage, the key encrypts the workspace's root S3 bucket (which contains the workspace's root DBFS and system data) and, optionally, cluster EBS volume data. |
list | SELECT | account_id | Gets all customer-managed key configuration objects for an account. If the key is specified as a workspace's managed services customer-managed key, Databricks uses the key to encrypt the workspace's notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If the key is specified as a workspace's storage customer-managed key, the key is used to encrypt the workspace's root S3 bucket and, optionally, cluster EBS volume data in the data plane. |
create | INSERT | account_id | Creates a customer-managed key configuration object for an account, specified by ID. This operation uploads a reference to a customer-managed key to Databricks. If the key is assigned as a workspace's customer-managed key for managed services, Databricks uses the key to encrypt the workspace's notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If it is specified as a workspace's customer-managed key for workspace storage, the key encrypts the workspace's root S3 bucket (which contains the workspace's root DBFS and system data) and, optionally, cluster EBS volume data. |
delete | DELETE | account_id, customer_managed_key_id | Deletes a customer-managed key configuration object for an account. You cannot delete a configuration that is associated with a running workspace. |
SELECT examples
encryption_keys (list):
SELECT
  account_id,
  aws_key_info,
  creation_time,
  customer_managed_key_id,
  use_cases
FROM databricks_account.provisioning.encryption_keys
WHERE account_id = '{{ account_id }}';
encryption_keys (get):
SELECT
  account_id,
  aws_key_info,
  creation_time,
  customer_managed_key_id,
  use_cases
FROM databricks_account.provisioning.encryption_keys
WHERE account_id = '{{ account_id }}' AND
  customer_managed_key_id = '{{ customer_managed_key_id }}';
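The following is an added example, not part of the StackQL provider or its documentation: a Python check over the rows returned by the list query that reports which use cases an account's key configurations leave uncovered and which STORAGE keys are not reused for cluster EBS volumes. It assumes object and array fields arrive either as JSON text or already decoded; the function names and sample rows are constructed for illustration, and it inspects key configuration objects only, not their assignment to workspaces.

```python
import json
import re

USE_CASES = ("MANAGED_SERVICES", "STORAGE")  # values from the manifest on this page
# Shape check only: a KMS key ARN in any AWS partition (not an alias).
KMS_KEY_ARN = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[0-9a-z-]+$")

def _decode(value, default):
    """Fields may arrive as JSON text (assumed StackQL output) or decoded."""
    if value in (None, ""):
        return default
    return json.loads(value) if isinstance(value, str) else value

def audit_key_configs(rows):
    """Return (key_id, finding) pairs for one account's key configurations."""
    findings, covered = [], set()
    for row in rows:
        key_id = row["customer_managed_key_id"]
        info = _decode(row.get("aws_key_info"), {})
        cases = set(_decode(row.get("use_cases"), []))
        covered |= cases
        if not KMS_KEY_ARN.match(info.get("key_arn", "")):
            findings.append((key_id, "key_arn is not a KMS key ARN"))
        if not cases or cases - set(USE_CASES):
            findings.append((key_id, "use_cases empty or unrecognised"))
        # Per the method descriptions, EBS volume encryption is optional for STORAGE.
        if "STORAGE" in cases and info.get("reuse_key_for_cluster_volumes") is not True:
            findings.append((key_id, "STORAGE key not reused for cluster EBS volumes"))
    for case in USE_CASES:
        if case not in covered:
            findings.append(("(account)", f"no key configuration lists {case}"))
    return findings

# Constructed sample rows (not real output), using the ARN from this page's manifest.
ARN = "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321"
SAMPLE_ROWS = [
    {"customer_managed_key_id": "cmk-example-1",
     "aws_key_info": json.dumps({"key_arn": ARN, "reuse_key_for_cluster_volumes": False}),
     "use_cases": '["STORAGE"]'},
    {"customer_managed_key_id": "cmk-example-2",
     "aws_key_info": {"key_arn": ARN, "reuse_key_for_cluster_volumes": True},
     "use_cases": ["STORAGE"]},
]

if __name__ == "__main__":
    for key_id, finding in audit_key_configs(SAMPLE_ROWS):
        print(f"{key_id}: {finding}")
```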
INSERT example
Use the following StackQL query and manifest file to create a new encryption_keys resource.
encryption_keys:
/*+ create */
INSERT INTO databricks_account.provisioning.encryption_keys (
  account_id,
  data__aws_key_info,
  data__use_cases
)
SELECT
  '{{ account_id }}',
  '{{ aws_key_info }}',
  '{{ use_cases }}'
;
Manifest:
- name: your_resource_model_name
  props:
    - name: aws_key_info
      value:
        key_arn: arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321
        key_alias: alias/projectKey
        reuse_key_for_cluster_volumes: true
    - name: use_cases
      value:
        - MANAGED_SERVICES
        - STORAGE
DELETE example
Deletes an encryption_keys resource.
/*+ delete */
DELETE FROM databricks_account.provisioning.encryption_keys
WHERE account_id = '{{ account_id }}' AND
customer_managed_key_id = '{{ customer_managed_key_id }}';