This article is for:
- Org Security Admins
Once key management is enabled for your organization, you can add an encryption key. This is also known as bring your own key (BYOK). The Generate a key option allows you to have a key generated through the Wdesk platform that will automatically rotate annually.
Note: If you've already added an encryption key and want to change or switch it to another key, see Rotate an encryption key.
Before you add a key
Follow these steps before you add a key:
- Review our best practices and key guidelines along with your required processes around managing encryption keys.
- Assign additional users to the Org Security Admin role so they can manage the encryption key for your organization.
Add an encryption key
Important: Workiva does not have any access to your key.
To add an encryption key:
- From Organization Admin, click Security in the left-hand menu.
- Click the Key Management tab.
- Click Generate a key in the middle of the screen
- Check the box to verify that you understand this action can't be undone
- Click the green Generate Key button to complete the generation
Active key status
You'll see an Active status indicator showing you that your key is now in use. After you add your encryption key, files from that point forward will use the key. Any files created prior will continue to use the default Workiva encryption.