Encrypt queries, query history, and query results

Preview

This feature is in Public Preview.

Note

This feature is available with the Enterprise pricing plan.

You can encrypt the data at rest for queries and query history. The details vary by the type of object.

Use your key to encrypt queries and query history

You can use your own key from AWS KMS to encrypt the Databricks SQL queries and your query history stored in the Databricks control plane.

If you’ve already configured your own key for a workspace to encrypt data for managed services, then no further action is required. The same customer-managed key for managed services also encrypts the Databricks SQL queries and query history. This key encrypts data stored at rest. It does not affect data in transit or in memory. To learn about this feature and to configure encryption, see Customer-managed keys for managed services.

If you added a customer-managed key for managed services before May 20, 2021, Databricks SQL queries and query history that were stored before that date are not guaranteed to be encrypted with this key.

Use your key to encrypt query results

You can use your own key from AWS KMS to encrypt your Databricks SQL query results, which are stored in your root S3 bucket that you provided during workspace setup. This key encrypts data stored at rest. It does not affect data in transit or in memory. See customer-managed keys for storage.