Database User Guide EAP > Getting Started with Actian Database as a Service > Set Up Key Management Service for Data Encryption
Was this helpful?
Set Up Key Management Service for Data Encryption
 
Before You Begin
Using the Actian-managed Encryption Key
Set Up the AWS Key Management Service (AKMS)
Availability of Your KMS When Starting and Stopping Warehouses
 Early Adoption Program—EAP 
All new warehouses can be created with data at rest encryption enabled. There are two options for Key Management Services (KMS) behind the data encryption:
Actian-managed encryption
Your customer-managed KMS
These services use a master key encryption key to encrypt and decrypt a data encryption key for locking and unlocking the Actian warehouse.
Actian supports the following external KMSs:
AWS Key Management Service (AKMS), see Set Up the AWS Key Management Service (AKMS)
Actian does not support external keys from Google Cloud Key Management or Microsoft Azure Key Vault.
Before You Begin
 Early Adoption Program—EAP 
Note:  To use your external KMS for data encryption, you must set up the external key before creating any warehouses.
IMPORTANT!  Any warehouses created using the Actian-managed encryption key or your customer-managed external KMS master key always use that method for data key decryption. Once an encryption method is assigned at warehouse creation, it cannot be changed subsequently.
WARNING!  Once a warehouse is created, another key alias cannot be assigned to it. If you delete the key on your KMS, you will no longer be able to start any warehouse that used that key alias!
Last modified date: 10/30/2024