Encryption - Databricks Unity Catalog
This guide provides instructions for setting up encryption support for Databricks Unity Catalog using Privacera Encryption Gateway (PEG).
Overview
With Privacera Encryption Gateway (PEG), you can encrypt sensitive data in Databricks Unity Catalog to enhance data security and meet regulatory compliance requirements.
The following sequence diagram illustrates how Databricks (DBx) obtains an encryption scheme from PEG when executing protect, unprotect, or mask operations:
```mermaid
sequenceDiagram
    participant DBX as DBx
    participant PEG as PEG
    participant SS as Scheme Server
    participant DB as DB
    participant VAULT as Privacera Vault
    DBX->>PEG: Get Scheme (JWT Token 1)
    PEG->>SS: Get Scheme (JWT Token 2)
    SS->>DB: Get Scheme
    DB-->>SS: Scheme + Encrypted Key
    note right of SS: Key encrypted with Master Key
    SS->>VAULT: Get Master Key
    VAULT-->>SS: Master Key
    SS->>SS: Decrypt Scheme Key
    SS-->>PEG: Scheme + Key
    note left of PEG: Encrypted using Shared Key
    PEG-->>DBX: Scheme + Key
    note left of DBX: Encrypted using Shared Key
```
Cloud Platform Support
Currently, PEG for Databricks Unity Catalog is only supported on the AWS cloud platform.
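The scheme-fetch flow in the sequence diagram above, as an added simulation that is not Privacera's code: the DB holds only the scheme definition and the scheme key wrapped under the master key, the Scheme Server fetches the master key from the vault to unwrap it, and each hop back to Databricks is sealed under that hop's shared key. Names, keys and the scheme record are constructed; the `seal`/`unseal` cipher is a stdlib encrypt-then-MAC stand-in for a real AEAD, and JWT validation on the two requests is assumed to happen before these functions are called.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode as the PRF; domain-separated from the tag below
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, data):
    """Encrypt-then-MAC. Stdlib stand-in for an AEAD such as AES-GCM; not PEG's real cipher."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed sample state: the vault holds the master key; the DB holds only the
# scheme definition plus the scheme key wrapped under that master key.
MASTER_KEY = os.urandom(32)
SCHEME_KEY = os.urandom(32)
VAULT = {"master": MASTER_KEY}
DB = {"ssn_fpe": {"scheme": "FPE_NUMERIC", "wrapped_key": seal(MASTER_KEY, SCHEME_KEY)}}
SHARED_KEY_SS_PEG = os.urandom(32)   # shared key between Scheme Server and PEG (assumed)
SHARED_KEY_PEG_DBX = os.urandom(32)  # shared key between PEG and the Databricks cluster (assumed)

def scheme_server_get_scheme(name):
    """SS: read the wrapped key from DB, fetch the master key from the vault, unwrap, seal for PEG."""
    row = DB[name]
    key = unseal(VAULT["master"], row["wrapped_key"])
    return seal(SHARED_KEY_SS_PEG, row["scheme"].encode() + b"|" + key)

def peg_get_scheme(name):
    """PEG: open the SS response and re-seal it under the PEG<->DBx shared key."""
    plain = unseal(SHARED_KEY_SS_PEG, scheme_server_get_scheme(name))
    return seal(SHARED_KEY_PEG_DBX, plain)

def dbx_get_scheme(name):
    """DBx: open the PEG response and split it into (scheme, key)."""
    scheme, key = unseal(SHARED_KEY_PEG_DBX, peg_get_scheme(name)).split(b"|", 1)
    return scheme.decode(), key

if __name__ == "__main__":
    scheme, key = dbx_get_scheme("ssn_fpe")
    print(scheme, key == SCHEME_KEY)
```

A reader of the DB alone sees only the wrapped key, and a party without the right shared key cannot open either hop's response; both checks are what the master key in the vault and the shared keys in the diagram are there for.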
Cluster Type Comparison
| Feature | Single-User Cluster | Shared Cluster |
|---|---|---|
| UDF Type | Java UDF | Python UDF |
| AWS Prerequisites | Not Required | Required |
| Init Script | Required | Not Required |
| Secrets Manager | Not Required | Required |