---
title: >-
  Ensure that data at rest and in transit is encrypted in Azure Databricks using
  customer managed keys (CMK)
description: Datadog, the leading service for cloud-scale monitoring.
---

# Ensure that data at rest and in transit is encrypted in Azure Databricks using customer managed keys (CMK)
 
## Description{% #description %}

Enable customer-managed keys (CMK) for Azure Databricks workspace encryption to control encryption keys for data at rest and in transit.

## Remediation{% #remediation %}

1. Go to **Databricks**, select the workspace, then open **Configuration**.
1. Under **Customer-managed keys**, enable encryption for managed disk and/or managed services.
1. Select your Key Vault and specify the encryption key.

To set the managed disk key with the Azure CLI instead:

```bash
az databricks workspace update \
  --name <workspace-name> \
  --resource-group <resource-group-name> \
  --disk-key-name <key-name> \
  --disk-key-vault <key-vault-uri> \
  --disk-key-version <key-version>
```
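
To confirm the result after remediation, the following added example (not part of the original rule or of Datadog's code) reports which of the two scopes named above has a customer-managed key, given workspace JSON such as that returned by `az databricks workspace show --output json`. The field names (`encryption.entities.managedDisk`, `managedServices`, `keySource`, `keyVaultProperties`) are assumed from the `Microsoft.Databricks/workspaces` resource schema and should be checked against your own output; the sample workspaces are constructed.

```python
# Added example: audit CMK coverage from workspace JSON (field names assumed).
SCOPES = ("managedDisk", "managedServices")  # scopes named in the remediation


def cmk_status(workspace):
    """Map each scope to its Key Vault key id, or None when no CMK is set."""
    # Accept both a flattened document and one nested under "properties".
    props = workspace.get("properties") or workspace
    entities = (props.get("encryption") or {}).get("entities") or {}
    status = {}
    for scope in SCOPES:
        entity = entities.get(scope) or {}
        kv = entity.get("keyVaultProperties") or {}
        uses_vault = str(entity.get("keySource", "")).lower() == "microsoft.keyvault"
        if uses_vault and kv.get("keyVaultUri") and kv.get("keyName"):
            key_id = f"{kv['keyVaultUri'].rstrip('/')}/keys/{kv['keyName']}"
            if kv.get("keyVersion"):
                key_id += f"/{kv['keyVersion']}"
            status[scope] = key_id
        else:
            status[scope] = None
    return status


def missing_scopes(workspace):
    """List the scopes that have no customer-managed key configured."""
    return [scope for scope, key in cmk_status(workspace).items() if key is None]


# Constructed sample data, not output from a real subscription.
_KEY = {"keyVaultUri": "https://example-kv.vault.azure.net/",
        "keyName": "dbx-cmk", "keyVersion": "0123abcd"}
SAMPLE_WORKSPACES = [
    {"name": "ws-full", "encryption": {"entities": {
        "managedDisk": {"keySource": "Microsoft.Keyvault", "keyVaultProperties": _KEY},
        "managedServices": {"keySource": "Microsoft.Keyvault", "keyVaultProperties": _KEY}}}},
    {"name": "ws-disk-only", "properties": {"encryption": {"entities": {
        "managedDisk": {"keySource": "Microsoft.Keyvault", "keyVaultProperties": _KEY}}}}},
    {"name": "ws-none", "properties": {}},
]

if __name__ == "__main__":
    for ws in SAMPLE_WORKSPACES:
        gaps = missing_scopes(ws)
        print(ws["name"], "OK" if not gaps else "no CMK for: " + ", ".join(gaps))
```

To audit a real workspace, load the CLI output with `json.load` and pass the resulting dictionary to `missing_scopes`.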

## References{% #references %}

1. [Azure Databricks customer-managed keys](https://docs.microsoft.com/en-us/azure/databricks/security/customer-managed-keys)
1. [CIS Azure v4.0.0 - 6.3.3](https://www.cisecurity.org/benchmark/azure/)
