In a lakehouse architecture handling highly sensitive data, what is the best approach to implement an advanced encryption key management system that allows for periodic key rotation without disrupting services?

Real Exam

Develop a custom key rotation application that uses dual keys temporarily during the rotation period for both old and new data access.

2.4%

Store all encryption keys in a secure on-premises hardware security module (HSM), manually updating lakehouse configurations during rotation periods.

4.9%

Utilize a cloud-based key management service (KMS) that supports automatic key rotation and seamless integration with the lakehouse storage layer.

90.2%

Implement a manual process where new keys are generated and applied to data at rest during scheduled maintenance windows.

2.4%

Databricks Certified Data Engineer - Professional