cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

How can I configure S3 Client-Side Encryption (CSE-KMS ) for my data pipeline

Go to solution
sajith_appukutt
Honored Contributor II

โ€Ž06-09-2021 12:36 AM

 
Labels:
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
sajith_appukutt
Honored Contributor II

โ€Ž06-17-2021 05:37 PM

You could create a  custom key provider that implements the EncryptionMaterialsProvider interface and configure the databricks mount to use CSE

dbutils.fs.mount(
  "s3a://cse-bucket",
  "/mnt/cse-data", 
  extraConfigs = Map(
    "fs.s3.cse.enabled" -> "true",
    "fs.s3.cse.encryptionMaterialsProvider" -> "com.mynamespace. MyEncryptionMaterialsProviders",
    "kms.key.id" -> "xxx"
  )
)

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
sajith_appukutt
Honored Contributor II

โ€Ž06-17-2021 05:37 PM

You could create a  custom key provider that implements the EncryptionMaterialsProvider interface and configure the databricks mount to use CSE

dbutils.fs.mount(
  "s3a://cse-bucket",
  "/mnt/cse-data", 
  extraConfigs = Map(
    "fs.s3.cse.enabled" -> "true",
    "fs.s3.cse.encryptionMaterialsProvider" -> "com.mynamespace. MyEncryptionMaterialsProviders",
    "kms.key.id" -> "xxx"
  )
)

0 Kudos

Go to solution
AdrianRojas
New Contributor II

โ€Ž04-13-2023 04:35 PM

a bit old, but I just faced the same issue, specifying a custom EncryptionMaterialsProvider (as described in the previous post) did the trick for me but I did had to also specify my kms endpoint, just because my region:

"fs.s3.cse.kms.endpoint" -> "kms.<region>.amazonaws.com"

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements