Setup HYOK for AWS

πŸ“Œ

Per-Tenant Encryption Pricing

The Per-Tenant Encryption feature is part of the paid Security & Data Pro add-on. Contact your Ironclad account representative for more information about purchasing this package.
See an overview of the Security & Data Pro Add-on in our Help Center

Hold Your Own Key (HYOK) with AWS

  1. Enable advanced data encryption under company settings β†’ settings and click on save changes button on bottom right (appears once you check box advanced data encryption)

  2. Now click on configure encryption button which should take you to the following screen with three options:

  3. Select option b from step 2 and then click Next to select the location where your root key will be stored:

  4. Select AWS Key Management and then select on Guide me through creating a new key for wrapping. Click next to view and copy the configuration code that you will have to run on AWS cloud shell.

  5. Copy the code. You can adjust the AWS_REGION and alias-name values to fit your needs.

  6. Now paste the code on cloud shell and run it to generate an ARN string of the key alias.

  7. Copy the ARN string, paste it into onboarding page, and then apply the changes. Once you see the success message you should be all set and encryption policy is now is use.