This article is for:
- Org Security Admins
As you work with key management, also known as bring your own key (BYOK), you can remove or restore an encryption key. Review details below for steps and details to help you remove or restore a key.
Remove an encryption key
If you remove a key, any files previously encrypted using that key will no longer be accessible to users in your organization. As such, act with caution when removing an encryption key for an organization. You can only undo this action by uploading the exact same key.
- From Organization Admin, click Security.
- Click Key Management.
- Click Remove Key.
- Select Browse and upload your current key material.
- Select Remove Key.
- Check the box to confirm that you understand you won’t be able to access your data once the key is removed.
- Click Remove Key.
After a key is removed, you'll see a status indicator showing that they key was removed. You'll no longer have access to your files previously encrypted with this key, making the organization unusable until the key is restored.
Restore an encryption key
Note: You need the exact same original key to restore it.
- From Organization Admin, click Security.
- Click Key Management.
- Complete Step 1: Click Download public key and use it to wrap your encryption key.
Once you download the public key, you have 24 hours to wrap and upload the new key.
- Complete Step 2: Click Browse and upload the wrapped key.
This key must be a 256-bit symmetric key wrapped by the public key downloaded in Step 1.
- Click Restore Key.
- Check the box to confirm you'll keep a copy of the key.
- Click Restore Key.
- From Organization Admin, click Security.
- Click Key Management.
- Click Browse and select the original key.
- Click Restore Key.
- Check the box to confirm that you'll keep a copy of the key.
- Click Restore Key.
After you restore a key, any files previously encrypted with that key will now be accessible. Additionally, all files created going forward will use that key as well.