AV | Set Up Key Management Service for Data Encryption (BETA feature)

Warehouse User Guide > Getting Started > Set Up Key Management Service for Data Encryption (BETA feature)

Was this helpful?

Set Up Key Management Service for Data Encryption (BETA feature)

Set Up the AWS Key Management Service (AKMS)

Availability of Your KMS When Starting and Stopping Warehouses

All new warehouses can be created with data at rest encryption enabled. There are two options for Key Management Services (KMS) behind the data encryption:

• Actian-managed encryption

• Your customer-managed KMS

These services use a master key encryption key to encrypt and decrypt a data encryption key for locking and unlocking the Actian warehouse.

Actian Data Platform supports the following external KMSs:

• AWS Key Management Service (AKMS), see Set Up the AWS Key Management Service (AKMS)

Actian Data Platform does not support external keys from Google Cloud Key Management or Microsoft Azure Key Vault.

Before You Begin

Note: To use your external KMS for data encryption, you must set up the external key before creating any warehouses.

IMPORTANT! Any warehouses created using the Actian-managed encryption key or your customer-managed external KMS master key always use that method for data key decryption. Once an encryption method is assigned at warehouse creation, it cannot be changed subsequently.

WARNING! Once a warehouse is created, another key alias cannot be assigned to it. If you delete the key on your KMS, you will no longer be able to start any warehouse that used that key alias!

Last modified date: 01/04/2024