encryption_keys
Creates, updates, deletes, gets or lists an encryption_keys resource.
Overview
| Name | encryption_keys |
| Type | Resource |
| Id | databricks_account.provisioning.encryption_keys |
Fields
The following fields are returned by SELECT queries:
- get
- list
The encryption key configuration was successfully returned.
| Name | Datatype | Description |
|---|---|---|
account_id | string | |
customer_managed_key_id | string | |
aws_key_info | object | |
creation_time | integer | |
use_cases | array |
The encryption key configurations were successfully returned.
| Name | Datatype | Description |
|---|---|---|
account_id | string | |
customer_managed_key_id | string | |
aws_key_info | object | |
creation_time | integer | |
use_cases | array |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | Gets a customer-managed key configuration object for an account, specified by ID. This operation uploads a reference to a customer-managed key to Databricks. If assigned as a workspace's customer-managed key for managed services, Databricks uses the key to encrypt the workspaces notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If it is specified as a workspace's customer-managed key for storage, the key encrypts the workspace's root S3 bucket (which contains the workspace's root DBFS and system data) and, optionally, cluster EBS volume data. | ||
list | select | Gets all customer-managed key configuration objects for an account. If the key is specified as a workspace's managed services customer-managed key, Databricks uses the key to encrypt the workspace's notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If the key is specified as a workspace's storage customer-managed key, the key is used to encrypt the workspace's root S3 bucket and optionally can encrypt cluster EBS volumes data in the data plane. | ||
create | insert | Creates a customer-managed key configuration object for an account, specified by ID. This operation uploads a reference to a customer-managed key to Databricks. If the key is assigned as a workspace's customer-managed key for managed services, Databricks uses the key to encrypt the workspaces notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If it is specified as a workspace's customer-managed key for workspace storage, the key encrypts the workspace's root S3 bucket (which contains the workspace's root DBFS and system data) and, optionally, cluster EBS volume data. | ||
delete | delete | Deletes a customer-managed key configuration object for an account. You cannot delete a configuration that is associated with a running workspace. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|
SELECT examples
- get
- list
Gets a customer-managed key configuration object for an account, specified by ID. This operation uploads a reference to a customer-managed key to Databricks. If assigned as a workspace's customer-managed key for managed services, Databricks uses the key to encrypt the workspaces notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If it is specified as a workspace's customer-managed key for storage, the key encrypts the workspace's root S3 bucket (which contains the workspace's root DBFS and system data) and, optionally, cluster EBS volume data.
SELECT
account_id,
customer_managed_key_id,
aws_key_info,
creation_time,
use_cases
FROM databricks_account.provisioning.encryption_keys;
Gets all customer-managed key configuration objects for an account. If the key is specified as a workspace's managed services customer-managed key, Databricks uses the key to encrypt the workspace's notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If the key is specified as a workspace's storage customer-managed key, the key is used to encrypt the workspace's root S3 bucket and optionally can encrypt cluster EBS volumes data in the data plane.
SELECT
account_id,
customer_managed_key_id,
aws_key_info,
creation_time,
use_cases
FROM databricks_account.provisioning.encryption_keys;
INSERT examples
- create
- Manifest
Creates a customer-managed key configuration object for an account, specified by ID. This operation uploads a reference to a customer-managed key to Databricks. If the key is assigned as a workspace's customer-managed key for managed services, Databricks uses the key to encrypt the workspaces notebooks and secrets in the control plane, in addition to Databricks SQL queries and query history. If it is specified as a workspace's customer-managed key for workspace storage, the key encrypts the workspace's root S3 bucket (which contains the workspace's root DBFS and system data) and, optionally, cluster EBS volume data.
INSERT INTO databricks_account.provisioning.encryption_keys (
data__use_cases,
data__aws_key_info
)
SELECT
'{{ use_cases }}',
'{{ aws_key_info }}'
;
# Description fields are for documentation purposes
- name: encryption_keys
props:
- name: use_cases
value: required
- name: aws_key_info
value: object
DELETE examples
- delete
Deletes a customer-managed key configuration object for an account. You cannot delete a configuration that is associated with a running workspace.
DELETE FROM databricks_account.provisioning.encryption_keys;