encryption_keys
Creates, updates, deletes, gets or lists an encryption_keys resource.
Overview
| Name | encryption_keys |
| Type | Resource |
| Id | databricks_account.provisioning.encryption_keys |
Fields
The following fields are returned by SELECT queries:
- encryption_keys_get
- encryption_keys_list
| Name | Datatype | Description |
|---|---|---|
account_id | string | |
customer_managed_key_id | string | ID of the encryption key configuration object. |
aws_key_info | object | |
azure_key_info | object | |
creation_time | integer | Time in epoch milliseconds when the customer key was created. |
gcp_key_info | object | |
use_cases | array | The cases that the key can be used for. |
| Name | Datatype | Description |
|---|---|---|
account_id | string | |
customer_managed_key_id | string | ID of the encryption key configuration object. |
aws_key_info | object | |
azure_key_info | object | |
creation_time | integer | Time in epoch milliseconds when the customer key was created. |
gcp_key_info | object | |
use_cases | array | The cases that the key can be used for. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
encryption_keys_get | select | account_id, customer_managed_key_id | Gets a customer-managed key configuration object for an account, specified by ID. This operation | |
encryption_keys_list | select | account_id | Lists Databricks customer-managed key configurations for an account. | |
encryption_keys_create | insert | account_id, use_cases | Creates a customer-managed key configuration object for an account, specified by ID. This operation | |
encryption_keys_delete | delete | account_id, customer_managed_key_id | Deletes a customer-managed key configuration object for an account. You cannot delete a configuration |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | |
customer_managed_key_id | string | Databricks encryption key configuration ID. |
SELECT examples
- encryption_keys_get
- encryption_keys_list
Gets a customer-managed key configuration object for an account, specified by ID. This operation
SELECT
account_id,
customer_managed_key_id,
aws_key_info,
azure_key_info,
creation_time,
gcp_key_info,
use_cases
FROM databricks_account.provisioning.encryption_keys
WHERE account_id = '{{ account_id }}' -- required
AND customer_managed_key_id = '{{ customer_managed_key_id }}' -- required
;
Lists Databricks customer-managed key configurations for an account.
SELECT
account_id,
customer_managed_key_id,
aws_key_info,
azure_key_info,
creation_time,
gcp_key_info,
use_cases
FROM databricks_account.provisioning.encryption_keys
WHERE account_id = '{{ account_id }}' -- required
;
INSERT examples
- encryption_keys_create
- Manifest
Creates a customer-managed key configuration object for an account, specified by ID. This operation
INSERT INTO databricks_account.provisioning.encryption_keys (
use_cases,
aws_key_info,
gcp_key_info,
account_id
)
SELECT
'{{ use_cases }}' /* required */,
'{{ aws_key_info }}',
'{{ gcp_key_info }}',
'{{ account_id }}'
RETURNING
account_id,
customer_managed_key_id,
aws_key_info,
azure_key_info,
creation_time,
gcp_key_info,
use_cases
;
# Description fields are for documentation purposes
- name: encryption_keys
props:
- name: account_id
value: "{{ account_id }}"
description: Required parameter for the encryption_keys resource.
- name: use_cases
value:
- "{{ use_cases }}"
description: |
The cases that the key can be used for.
- name: aws_key_info
value:
key_arn: "{{ key_arn }}"
key_alias: "{{ key_alias }}"
key_region: "{{ key_region }}"
reuse_key_for_cluster_volumes: {{ reuse_key_for_cluster_volumes }}
- name: gcp_key_info
value:
kms_key_id: "{{ kms_key_id }}"
gcp_service_account:
service_account_email: "{{ service_account_email }}"
DELETE examples
- encryption_keys_delete
Deletes a customer-managed key configuration object for an account. You cannot delete a configuration
DELETE FROM databricks_account.provisioning.encryption_keys
WHERE account_id = '{{ account_id }}' --required
AND customer_managed_key_id = '{{ customer_managed_key_id }}' --required
;