Optionaloptions: CallOptionsDeletes a customer-managed key configuration object for an account. You cannot delete a configuration that is associated with a running workspace.
Optionaloptions: CallOptionsGets a customer-managed key configuration object for an account, specified by ID.
This operation uploads a reference to a customer-managed key to
Important: Customer-managed keys are supported only for some deployment types, subscription types, and AWS regions.
This operation is available only if your account is on the E2 version of the platform.",
Optionaloptions: CallOptionsLists
Optionaloptions: CallOptions
Creates a customer-managed key configuration object for an account, specified by ID. This operation uploads a reference to a customer-managed key to.
If the key is assigned as a workspace's customer-managed key for managed services,
uses the key to encrypt the workspaces notebooks and secrets in the control plane,
in addition to Databricks SQL queries and query history. If it is specified as a
workspace's customer-managed key for workspace storage, the key encrypts the
workspace's root S3 bucket (which contains the workspace's root DBFS and system data)
and, optionally, cluster EBS volume data.
Important: Customer-managed keys are supported only for some deployment types, subscription types, and AWS regions that currently support creation of workspaces.
This operation is available only if your account is on the E2 version of the platform or on a select custom plan that allows multiple workspaces per account.
GCP only: To create a customer-managed key on GCP, you must include the
X-Databricks-GCP-SA-Access-TokenHTTP header in your request. This header must contain a Google Cloud OAuth access token with thecloud-platformscope. The Google identity associated with the token must also have thesetIamPermissionsandgetIamPermissionsIAM permissions on the key resource. For details on obtaining this token, see Authenticate with Google ID tokens.