Integration (v100.39.0+)

Encryption Settings

Starting with v100.39.0, you can configure encryption for your organization using your own key management service, commonly referred to as Bring Your Own Key (BYOK). This feature gives you full control over your encryption keys and helps to meet compliance requirements for data protection regulations such as HIPAA and GDPR.

Currently supported provider: Azure Key Vault
Coming soon: AWS Key Management Service (KMS)

Manage encryption using your own key

Use this card to set up data encryption and review its details. Encryption is managed through a Key Management Service (KMS)—a secure system that creates and controls cryptographic keys.

Important note

Encryption can be configured only once per workgroup.

After encryption is set up, you can update the Client Secret, but you cannot disable encryption or change the KMS type.

You need the "Manage encryption settings" role to configure BYOK.

Configure KMS authentication to set up encryption

Click Add

Select the KMS type (Azure Key Vault is the default)

Enter the required details:

Client Id
Tenant Id
Client Secret
Key URL

Click Test and Save to validate credentials

Once validated, select your key and confirm the encryption algorithm

Click Confirm

After saving, the encryption status for the KMS will display as Enabled, along with details like KMS type, date added, and key URL.

Warning: Encryption starts immediately after configuration.

Secret expiration is monitored. If expiration is less than 30 days:

A warning appears in Organization settings
Weekly reminders are sent to your organization's point of contact until updated

PreviousArray sample quality NextIntegrations

Last updated 9 hours ago

Was this helpful?