This feature is available with the Enterprise pricing tier.
You can encrypt the data at rest for queries and query history. The details vary by the type of object.
You can use your own key from AWS KMS to encrypt the Databricks SQL queries and your query history stored in the Databricks control plane.
If you’ve already configured your own key for a workspace to encrypt data for managed services, then no further action is required. The same customer-managed key for managed services also encrypts the Databricks SQL queries and query history. This key encrypts data stored at rest. It does not affect data in transit or in memory. To learn about this feature and to configure encryption, see Customer-managed keys for managed services.
Databricks SQL queries and query history that were stored before you added the key or before May 20, 2021 are not guaranteed to use this key to help protect and control access to the data.
You can use your own key from AWS KMS to encrypt your Databricks SQL query results, which are stored in your root S3 bucket that you provided during workspace setup. This key encrypts data stored at rest. It does not affect data in transit or in memory. See customer-managed keys for storage.