Remove or restore an encryption key

As you work with key management, also known as bring your own key (BYOK), you can remove or restore an encryption key. Review details below for steps and details to help you remove or restore a key.

Remove an encryption key

If you remove a key, any files previously encrypted using that key will no longer be accessible to users in your organization. As such, act with caution when removing an encryption key for an organization. You can only undo this action by uploading the exact same key.

To remove an encryption key:

1. From Organization Admin, click Security .
2. Click Key Management.
3. Click Remove Key.
   
4. Upload the original key and then type "Remove" to confirm your action.
   
5. Click Remove Key.

After a key is removed, you’ll see a status indicator showing that the key was removed. Additionally, you’ll no longer have access to your files previously encrypted with this key.

Restore an encryption key

Note: You need the exact same original key to restore it.

To restore an encryption key:

1. From Organization Admin, click Security .
2. Click Key Management.
3. Click Browse and then find the file with the original key.
4. Check the box to confirm you’ll keep a copy of the key.
   
5. Click Restore Key.

After you restore a key, any files previously encrypted with that key will now be accessible. Additionally, all files created going forward will use that key as well.