Integrations
Encryption Keys
How does Formal manage the encryption keys used to encrypt data?
Field Encryptions require the registration of an Encryption Key. Formal currently supports creating keys using AWS KMS, with 3 management models possible:
- Managed Cloud: Formal creates a new AWS KMS Key within the organization’s integrated Cloud Account.
- SaaS (Formal Managed): Formal creates a new AWS KMS Key within Formal’s internal infrastructure and manages it for the customer.
- On-premise: Organizations create and manage the AWS KMS key themselves.
Field Encryptions for a given Sidecar must use an Encryption Key registered under the same management model as the Sidecar.
Was this page helpful?