cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

CMK for managed services automatic rotation

Constantino
New Contributor III

The docs for the CMK for workspace storage states:

After you add a customer-managed key for storage, you cannot later rotate the key by setting a different key ARN for the workspace. However, AWS provides automatic CMK master key rotation, which rotates the underlying key without changing the key ARN as described in AWS docs. Automatic CMK master key rotation is compatible with Databricks customer-managed keys for storage.

However the docs for managed services does not make any mention automatic CMK master key rotation - does CMK for managed services support this AWS automation?

2 REPLIES 2

Debayan
Esteemed Contributor III

Hi @Constantino Schillebeeckxโ€‹ , You can update/rotate CMK at a later time (on a running workspace). Please refer: https://docs.databricks.com/security/keys/customer-managed-keys-managed-services-aws.html?_ga=2.2145...

Constantino
New Contributor III

yep, I'm aware of manual key rotation, but I'd like to explicitly avoid it because:

  • it requires we take down our clusters (not feasible for our reporting clusters)
  • it means we have to add extra infra to our terraform to execute the rotation (feels needless if AWS can already rotate them automatically)

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group