Ensure that data at rest and in transit is encrypted in Azure Databricks using customer managed keys (CMK)

Set up the Azure integration.

Description

Enable customer-managed keys (CMK) for Azure Databricks workspace encryption to control encryption keys for data at rest and in transit.

Remediation

  1. Go to Databricks > select workspace > Configuration
  2. Under Customer-managed keys, enable encryption for managed disk and/or managed services
  3. Select your Key Vault and specify the encryption key

To set the managed disk key with the Azure CLI:

az databricks workspace update \
  --name <workspace-name> \
  --resource-group <resource-group-name> \
  --disk-key-name <key-name> \
  --disk-key-vault <key-vault-uri> \
  --disk-key-version <key-version>
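
To confirm the result, the following added example (not part of the original rule or of any Azure tooling) checks workspace JSON, such as the output of `az databricks workspace show -o json`, for the two scopes named in step 2. The property layout (`encryption.entities.managedDisk` / `managedServices` with `keySource` and `keyVaultProperties`) is an assumption based on the ARM workspace schema, and the sample workspace is constructed.

```python
import json

# Constructed sample shaped like `az databricks workspace show -o json` output.
# The layout is an assumption based on the ARM workspace schema; values are made up.
SAMPLE = json.loads("""
{
  "name": "example-ws",
  "encryption": {
    "entities": {
      "managedDisk": {
        "keySource": "Microsoft.Keyvault",
        "keyVaultProperties": {
          "keyName": "example-key",
          "keyVaultUri": "https://example-kv.vault.azure.net",
          "keyVersion": "0000000000000000"
        }
      },
      "managedServices": null
    }
  }
}
""")

SCOPES = ("managedDisk", "managedServices")

def cmk_status(workspace: dict) -> dict:
    """Return {scope: bool}: True when the scope is bound to a Key Vault key."""
    # Accept both the flattened CLI form and the raw ARM form ("properties").
    props = workspace.get("properties") or workspace
    entities = (props.get("encryption") or {}).get("entities") or {}
    status = {}
    for scope in SCOPES:
        cfg = entities.get(scope) or {}
        kv = cfg.get("keyVaultProperties") or {}
        status[scope] = (
            str(cfg.get("keySource", "")).lower() == "microsoft.keyvault"
            and bool(kv.get("keyVaultUri"))
            and bool(kv.get("keyName"))
        )
    return status

def missing_cmk(workspace: dict) -> list:
    """List the scopes that have no customer-managed key configured."""
    return [s for s, ok in cmk_status(workspace).items() if not ok]

if __name__ == "__main__":
    print(cmk_status(SAMPLE), "missing:", missing_cmk(SAMPLE))
```

An empty list from `missing_cmk` means both managed disk and managed services have a customer-managed key configured.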

References

  1. Azure Databricks customer-managed keys
  2. CIS Azure v4.0.0 - 6.3.3