
encryption_keys

Operations on an encryption_keys resource.

Overview

| Name | encryption_keys |
| Type | Resource |
| Id | databricks_account.provisioning.encryption_keys |

Fields

| Name | Datatype |
| --- | --- |
| account_id | string |
| aws_key_info | object |
| creation_time | integer |
| customer_managed_key_id | string |
| use_cases | array |

Methods

| Name | Accessible by | Required Params | Description |
| --- | --- | --- | --- |
| get | SELECT | account_id, customer_managed_key_id | Gets a customer-managed key configuration object for an account, specified by ID. This operation uploads a reference to a customer-managed key to Databricks. If assigned as a workspace's customer-managed key for managed services, Databricks uses the key to encrypt the workspace's notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If it is specified as a workspace's customer-managed key for storage, the key encrypts the workspace's root S3 bucket (which contains the workspace's root DBFS and system data) and, optionally, cluster EBS volume data. |
| list | SELECT | account_id | Gets all customer-managed key configuration objects for an account. If the key is specified as a workspace's managed services customer-managed key, Databricks uses the key to encrypt the workspace's notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If the key is specified as a workspace's storage customer-managed key, the key is used to encrypt the workspace's root S3 bucket and, optionally, cluster EBS volume data in the data plane. |
| create | INSERT | account_id | Creates a customer-managed key configuration object for an account, specified by ID. This operation uploads a reference to a customer-managed key to Databricks. If the key is assigned as a workspace's customer-managed key for managed services, Databricks uses the key to encrypt the workspace's notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If it is specified as a workspace's customer-managed key for workspace storage, the key encrypts the workspace's root S3 bucket (which contains the workspace's root DBFS and system data) and, optionally, cluster EBS volume data. |
| delete | DELETE | account_id, customer_managed_key_id | Deletes a customer-managed key configuration object for an account. You cannot delete a configuration that is associated with a running workspace. |

SELECT examples

SELECT
account_id,
aws_key_info,
creation_time,
customer_managed_key_id,
use_cases
FROM databricks_account.provisioning.encryption_keys
WHERE account_id = '{{ account_id }}';

INSERT example

Use the following StackQL query and manifest file to create a new encryption_keys resource.

/*+ create */
INSERT INTO databricks_account.provisioning.encryption_keys (
account_id,
data__aws_key_info,
data__use_cases
)
SELECT
'{{ account_id }}',
'{{ aws_key_info }}',
'{{ use_cases }}'
;

DELETE example

Deletes an encryption_keys resource.

/*+ delete */
DELETE FROM databricks_account.provisioning.encryption_keys
WHERE account_id = '{{ account_id }}' AND
customer_managed_key_id = '{{ customer_managed_key_id }}';