Set Up Key Management Service for Data Encryption
Early Adoption Program—EAP
All new warehouses can be created with data at rest encryption enabled. There are two options for Key Management Services (KMS) behind the data encryption:
• Actian-managed encryption
• Your customer-managed KMS
These services use a master key encryption key to encrypt and decrypt a data encryption key for locking and unlocking the Actian warehouse.
Actian supports the following external KMSs:
Actian does not support external keys from Google Cloud Key Management or Microsoft Azure Key Vault.
Before You Begin
Early Adoption Program—EAP
Note: To use your external KMS for data encryption, you must set up the external key before creating any warehouses.
IMPORTANT! Any warehouses created using the Actian-managed encryption key or your customer-managed external KMS master key always use that method for data key decryption. Once an encryption method is assigned at warehouse creation, it cannot be changed subsequently.
WARNING! Once a warehouse is created, another key alias cannot be assigned to it. If you delete the key on your KMS, you will no longer be able to start any warehouse that used that key alias!
Last modified date: 10/30/2024