Skip to main content

Back to Databricks Navigator

Problems Controls Technologies Tools

// Navigate

/problems
/controls
/technologies
/tools

// Tools

/tools/comparison

// About

A comprehensive guide to implementing governance controls in Databricks Unity Catalog.

GOV::BLUEPRINT // Databricks Governance

Home
Technologies
Customer-Managed Keys (CMK)

Technology Reference

Customer-Managed Keys (CMK)

Data ProtectionMedium ComplexityLearning: Medium

You control the encryption keys, not just the data

// Guidance

Decision Guide

✓

When to Use

→HIPAA BAA requires customer-controlled encryption
→Financial services regulations mandate key custody
→Enterprise security policy requires BYOK (Bring Your Own Key)
→Need the ability to 'crypto-shred' data by revoking keys
→Government or defense contracts with strict key management requirements

✗

When NOT to Use

→No regulatory requirement for key custody
→Small team without dedicated security operations

// Details

Key Characteristics

Vs Default Encryption

default:: AES-256, Databricks manages keys, zero operational overhead
cmk:: AES-256, customer manages keys, requires KMS setup and rotation
verdict:: Use default unless regulation or contract requires key custody

// Related

Controls Using This Technology

1 controls use Customer-Managed Keys (CMK) for implementation.

Customer-Managed Encryption Keys (CMK)

Data Security · 4-8 hours

Need to Compare Options?

See how Customer-Managed Keys (CMK) compares to other access control approaches with our detailed comparison table.

Compare Technologies

Back to Technologies Browse Controls