Databricks

sajith_appukutt · ‎06-09-2021

sajith_appukutt · ‎06-17-2021

You could create a custom key provider that implements the EncryptionMaterialsProvider interface and configure the databricks mount to use CSE

dbutils.fs.mount(
  "s3a://cse-bucket",
  "/mnt/cse-data", 
  extraConfigs = Map(
    "fs.s3.cse.enabled" -> "true",
    "fs.s3.cse.encryptionMaterialsProvider" -> "com.mynamespace. MyEncryptionMaterialsProviders",
    "kms.key.id" -> "xxx"
  )
)

View solution in original post

sajith_appukutt · ‎06-17-2021

You could create a custom key provider that implements the EncryptionMaterialsProvider interface and configure the databricks mount to use CSE

dbutils.fs.mount(
  "s3a://cse-bucket",
  "/mnt/cse-data", 
  extraConfigs = Map(
    "fs.s3.cse.enabled" -> "true",
    "fs.s3.cse.encryptionMaterialsProvider" -> "com.mynamespace. MyEncryptionMaterialsProviders",
    "kms.key.id" -> "xxx"
  )
)

AdrianRojas · ‎04-13-2023

a bit old, but I just faced the same issue, specifying a custom EncryptionMaterialsProvider (as described in the previous post) did the trick for me but I did had to also specify my kms endpoint, just because my region:

"fs.s3.cse.kms.endpoint" -> "kms.<region>.amazonaws.com"

Databricks

How can I configure S3 Client-Side Encryption (CSE-KMS ) for my data pipeline

Unity Catalog Lakeguard: Industry-first and only data governance for multi-user Apache™ Spark cluste

Announcing the General Availability of Databricks Asset Bundles

Register now and save 50% on training at Data + AI Summit!

How to successfully build GenAI applications

Meet DBRX, the New Standard for High-Quality LLMs