Encrypt queries, query history, and query results

Note

This feature is available with the Premium pricing tier.

You can encrypt the data at rest for queries and query history. The details vary by the type of object.

Use your key to encrypt queries and query history

You can use your own key from Cloud KMS to encrypt the Databricks SQL queries and your query history stored in the Databricks control plane.

If you’ve already configured your own key for a workspace to encrypt data for managed services, then no further action is required. The same customer-managed key for managed services also encrypts the Databricks SQL queries and query history. This key encrypts data stored at rest. It does not affect data in transit or in memory. To learn about this feature and to configure encryption, see Customer-managed keys for managed services.

Databricks SQL queries and query history that were stored before you added the key or before July 24, 2023 are not guaranteed to use this key to help protect and control access to the data.

Use your key to encrypt query results

You can use your own key from Cloud KMS to encrypt your Databricks SQL query results, which are stored in your workspace storage buckets that Databricks created during workspace setup. This key encrypts data stored at rest. It does not affect data in transit or in memory. See customer-managed keys for storage.