Encryption settings

Emedgene supports data encryption with customer-managed keys through Bring Your Own Key (BYOK). This gives organizations full control over their encryption and helps meet compliance requirements for data protection regulations such as HIPAA and GDPR.

Encryption is managed through a Key Management Service (KMS)—a secure system that creates and controls cryptographic keys. Currently, Azure Key Vault is supported, and AWS Key Management Service (KMS) will be available soon.

Starting in v100.39.0, users with appropriate permissions can configure encryption for their workgroup directly in the platform using a key from Azure Key Vault KMS.

Manage encryption using your own key

Use this card to set up data encryption and review its details.

Important notes before you start

Set up encryption

1. Click Add.

2. Select the KMS type (Azure Key Vault is the default).

3. Enter the required details:

  • Client ID

  • Tenant ID

  • Client secret

  • Key URL

4. Click Test and Save to validate the credentials.

Emedgene checks KMS accessibility with the given credentials and ensures that it has encrypt, decrypt, wrapKey, and unwrapKey permissions for cryptographic operations.

5. Once validated, click Confirm to apply the update.

Once encryption is set up, you’ll see the status marked Enabled, plus the date added and the key URL (Azure Key Vault only).

Client secret expiration is monitored. If the secret expires in less than 30 days:

  • A warning appears in Organization settings.

  • Weekly reminders are sent to your organization's point of contact until updated.
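
A pre-flight check you could run on the four setup values before clicking Test and Save, as an added example that is not Emedgene's own validation code. It assumes the public-cloud Azure Key Vault identifier form for the Key URL and that `key_bundle` has the shape of the JSON returned by Key Vault's Get Key REST call; `preflight` and all sample values are hypothetical. It inspects the operations the key itself permits and the secret's expiry date, not the access granted to the client ID.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

REQUIRED_OPS = {"encrypt", "decrypt", "wrapKey", "unwrapKey"}  # listed on this page
WARN_WINDOW = timedelta(days=30)  # expiry warning threshold from this page
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Assumption: public-cloud key identifier https://<vault>.vault.azure.net/keys/<name>[/<version>]
VAULT_HOST = re.compile(r"^[a-z][0-9a-z-]{1,22}[0-9a-z]\.vault\.azure\.net$")
KEY_PATH = re.compile(r"^/keys/[0-9A-Za-z-]{1,127}(/[0-9a-f]{32})?$")


def preflight(client_id, tenant_id, key_url, key_bundle, secret_expires, now=None):
    """Return a list of problems; an empty list means nothing was found."""
    now = now or datetime.now(timezone.utc)
    problems = []
    for label, value in (("Client ID", client_id), ("Tenant ID", tenant_id)):
        if not GUID.match(value):
            problems.append(f"{label} is not a GUID")
    url = urlparse(key_url)
    if url.scheme != "https" or not VAULT_HOST.match(url.hostname or ""):
        problems.append("Key URL is not an https Key Vault address")
    if url.query or url.fragment or not KEY_PATH.match(url.path):
        problems.append("Key URL path is not /keys/<name>[/<version>]")
    # key_ops: the operations the key itself permits (JSON Web Key field)
    missing = REQUIRED_OPS - set(key_bundle.get("key", {}).get("key_ops", []))
    if missing:
        problems.append("key does not permit: " + ", ".join(sorted(missing)))
    if not key_bundle.get("attributes", {}).get("enabled", False):
        problems.append("key is disabled")
    if secret_expires <= now:
        problems.append("client secret has expired")
    elif secret_expires - now < WARN_WINDOW:
        problems.append("client secret expires in less than 30 days")
    return problems


# Constructed sample values; they do not identify a real tenant, app or vault.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
KEY_URL = "https://example-vault.vault.azure.net/keys/example-key/" + "0a" * 16
BUNDLE = {"key": {"kty": "RSA", "key_ops": ["encrypt", "decrypt", "wrapKey"]},
          "attributes": {"enabled": True}}

if __name__ == "__main__":
    for problem in preflight("11111111-1111-1111-1111-111111111111",
                             "22222222-2222-2222-2222-222222222222",
                             KEY_URL, BUNDLE, NOW + timedelta(days=20), now=NOW):
        print("FAIL:", problem)
```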

Update the client secret for an existing Azure Key Vault configuration

You can update the client secret for an active encryption configuration that uses an Azure Key Vault key. The client ID, tenant ID, and key URL can't be updated.

1. Click the Edit icon on the right.

2. Enter the new client secret.

3. Click Test and Save to validate the credentials.

4. Once validated, click Confirm to apply the update.
