
CMK for managed services automatic rotation

Constantino
New Contributor III

The docs for the CMK for workspace storage state:

After you add a customer-managed key for storage, you cannot later rotate the key by setting a different key ARN for the workspace. However, AWS provides automatic CMK master key rotation, which rotates the underlying key without changing the key ARN as described in AWS docs. Automatic CMK master key rotation is compatible with Databricks customer-managed keys for storage.

However, the docs for managed services do not make any mention of automatic CMK master key rotation - does CMK for managed services support this AWS automation?

2 REPLIES

Debayan
Esteemed Contributor III

Hi @Constantino Schillebeeckx, you can update/rotate CMK at a later time (on a running workspace). Please refer to: https://docs.databricks.com/security/keys/customer-managed-keys-managed-services-aws.html?_ga=2.2145...

Constantino
New Contributor III

Yep, I'm aware of manual key rotation, but I'd like to explicitly avoid it because:

  • it requires we take down our clusters (not feasible for our reporting clusters)
  • it means we have to add extra infra to our Terraform to execute the rotation (feels needless if AWS can already rotate them automatically)