Prerequisites¶

Before setting up Privacera Encryption for Databricks Unity Catalog, ensure the following prerequisites are met based on your cluster type.

Common Prerequisites¶

Databricks Unity Catalog enabled workspace is set up. For setup instructions, refer to Databricks Unity Catalog Access Setup.
Privacera Encryption Gateway (PEG) is configured and running. For setup instructions, refer to PEG Setup Guide.
Encryption Presentation and masking schemes are created. For more information, refer to:

Single-User Cluster Prerequisites¶

For single-user cluster encryption using Java UDFs:

Databricks cluster init script from Privacera. Contact Privacera support to obtain the init script.

Example init script for Self-Managed or Data Plane deployment:

Bash
#!/bin/bash
# Use the value set during the installation of Privacera
export DEPLOYMENT_ENV_NAME="<DEPLOYMENT_ENV_NAME>"
set -x
export ENABLE_SSL=true
cp /dbfs/<deployment_path>/${DEPLOYMENT_ENV_NAME}/privacera-dbx-udf-pegv2-conf/peg_init_script.sh peg_init_script.sh
chmod +x peg_init_script.sh
./peg_init_script.sh

For complete setup instructions, refer to Setup - Single-User Cluster.

Shared Cluster Prerequisites¶

For shared cluster encryption using Python UDFs, the following additional AWS resources are required:

Active AWS account with appropriate permissions
AWS Secrets Manager enabled in the account
IAM role with required permissions for Unity Catalog integration

AWS IAM Role Requirements¶

Create an IAM role with the following permissions:

sts:AssumeRole - For Unity Catalog to assume the role
secretsmanager:GetSecretValue - To retrieve PEG credentials
secretsmanager:DescribeSecret - To describe secret metadata

AWS Secrets Manager Requirements¶

A secret must be created in AWS Secrets Manager containing:

Key	Description
`peg_host`	The URL of your Privacera Encryption Gateway
`peg_jwt`	JWT token for authenticating encryption requests

Prev topic: Encryption Overview
Next topic: Setup - Single-User Cluster