Skip to main content

Bring Your Own Key (BYOK)

Bring Your Own Key (BYOK) enables you to manage your encryption keys independently while integrating securely with Unizo's systems. Instead of relying solely on Unizo's internal key management, you can bring your own external Key Management System (KMS) for maximum control over encryption, decryption, and secure communications.

Availability

The BYOK feature is only available to Enterprise plan customers.

Enhanced Security

Using your own KMS provides additional security layers and ensures you maintain full control over your encryption keys, meeting compliance requirements for sensitive data handling.

Accessing Key Management from Unizo Console

Key Protection Settings

Key Protection Configuration

  1. In the Unizo Console, navigate to Security from the sidebar.
  2. Select Key Management tab.
  3. You'll see two key management options available for configuration.

Option 1: Use Unizo-Managed KMS

  • Uses Unizo's internal key management system
  • Optimized for performance with minimal latency
  • Suitable for standard security requirements

Option 2: Bring Your Own Key Management (BYOK)

  • Integrates with your external KMS provider

Integrating Your KMS

When you select Bring Your Own Key(BYOK), follow these steps:

  1. Choose from the supported providers - HashiCorp Vault, Azure Key Vault, or AWS KMS.
Select Available KMS Provider

Select Available KMS Provider

  1. Enter the required information including integration name, client details, and vault name specific to your chosen provider.
Provide Integration Details

Provide Integration Details

  1. Complete the authentication process using your KMS provider's credentials and security protocols.
BYOK Configuration Complete

BYOK Configuration Complete

  1. Your Bring Your Own Key (BYOK) setup is now configured and ready for use.

Verifying Key Usage

After integration, it's crucial to verify that your external keys are functioning correctly:

  1. Test Encryption Workflows: Perform test encryption operations to ensure your external keys are being utilized properly.

  2. Validate Decryption: Confirm that decryption processes work seamlessly with your KMS integration.

  3. Monitor Key Access: Review logs to ensure all key operations are routing through your external KMS as expected.

For additional support with BYOK configuration, contact our team at support@unizo.ai.