This article is for:
- Org Security Admins
Once key management is enabled for your organization, you can add an encryption key. This is also known as bring your own key (BYOK).
Note: If you've already added an encryption key and want to change or switch it to another key, see Rotate an encryption key.
Before you add a key
Follow these steps to before you add a key:
- Review our best practices and key guidelines along with your required processes around managing encryption keys.
- Assign additional users to the Org Security Admin role so they can manage the encryption key for your organization.
- Generate and securely store the key outside of the Workiva platform, following your guidelines.
- Upload the key to enable Bring Your Own Key for your organization.
- Set a reminder, if needed, to rotate your key based on your security guidelines.
Add an encryption key
Important: Workiva does not have any access to the key you upload. You need to keep and maintain the key.
To add an encryption key:
- From Organization Admin, click Security .
- Click Key Management.
- Click Browse and then select the file that includes your encryption key and click upload.
- Check the box to confirm that you will keep a copy of the key.
- Click Add Key.
Active key status
You’ll see an Active status indicator showing you that your key is now in use. After you add your encryption key, files from that point forward will use the key. Any files created prior will continue to use the default Workiva encryption.