Del via


Encrypt queries, query history, and query results

Note

This feature is available with the Premium plan.

You can encrypt the data at rest for queries and query history. The details vary by the type of object.

Use your key to encrypt queries and query history

You can use your own key from Azure Key Vault to encrypt the Databricks SQL queries and your query history stored in the Azure Databricks control plane.

If you’ve already configured your own key for a workspace to encrypt data for managed services, then no further action is required. The same customer-managed key for managed services also encrypts the Databricks SQL queries and query history. This key encrypts data stored at rest. It does not affect data in transit or in memory. To learn about this feature and to configure encryption, see Customer-managed keys for managed services.

Databricks SQL queries and query history that were stored before you added the key or before May 20, 2021 are not guaranteed to use this key to help protect and control access to the data.

Use your key to encrypt query results

You can use your own key from Azure Key Vault to encrypt your Databricks SQL query results, which are stored in your workspace storage account that Azure Databricks created during workspace setup. This key encrypts data stored at rest. It does not affect data in transit or in memory. See customer-managed keys for workspace DBFS root storage.