cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

CMK for managed services automatic rotation

Constantino
New Contributor III

‎11-03-2022 09:39 AM

The docs for the CMK for workspace storage states:

After you add a customer-managed key for storage, you cannot later rotate the key by setting a different key ARN for the workspace. However, AWS provides automatic CMK master key rotation, which rotates the underlying key without changing the key ARN as described in AWS docs. Automatic CMK master key rotation is compatible with Databricks customer-managed keys for storage.

However the docs for managed services does not make any mention automatic CMK master key rotation - does CMK for managed services support this AWS automation?

Labels:
0 Kudos
2 REPLIES 2

Debayan
Databricks Employee
Databricks Employee

‎11-04-2022 12:17 AM

Hi @Constantino Schillebeeckx​ , You can update/rotate CMK at a later time (on a running workspace). Please refer: https://docs.databricks.com/security/keys/customer-managed-keys-managed-services-aws.html?_ga=2.2145...

Constantino
New Contributor III
In response to Debayan

‎11-04-2022 06:05 AM

yep, I'm aware of manual key rotation, but I'd like to explicitly avoid it because:

  • it requires we take down our clusters (not feasible for our reporting clusters)
  • it means we have to add extra infra to our terraform to execute the rotation (feels needless if AWS can already rotate them automatically)

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements
Top