Encryption using Private Key in Zoho Creator
1. In a nutshell
Bring Your Own Encryption Key (BYOK) allows you to encrypt your field data using a private key you configure and manage in Zoho Directory. This gives you direct control over your encryption, ensuring compliance with your organization's security policies while maintaining Zoho Creator's encryption standards. You can read more about encryption in Zoho here.
2. Availability
- BYOK is available exclusively upon request to our support team and is restricted to paid plans.
- Only the super admin and admins can add and manage keys in the Encryption (BYOK) tab.
3. Overview
By default, Zoho Creator encrypts stored data using Data Encryption Keys (DEK), which are further protected using a Key Encryption Key (KEK) managed by Zoho. On adding your own key (BYOK), you can replace Zoho’s default KEK with your own, allowing you to retain control over the encryption and decryption process.
This feature is particularly useful for organizations with strict regulatory requirements or internal security policies that mandate the use of their own encryption keys. BYOK applies to all fields that use encryption like data stored in media fields, such as file uploads, images, signatures, audio, and video, as well as form fields where the encrypt data field property is enabled.
While BYOK does not change Zoho Creator’s encryption standards, it ensures that control over encryption keys remains with you. Learn more about encryption in Zoho Creator.
4. Navigation guide
Once you Sign In to your Creator account, you can find Governance under the MANAGE section on the left-side pane of your dashboard. Once there, you can navigate to the Encryption (BYOK) tab and click Configure Your Key. This will redirect you to the Zoho Directory page. On this page, you can provide the required details to set up your encryption key.
4.1 Configuring your encryption key
Zoho Directory handles encryption key management for Zoho Creator. You can configure your encryption key using one of the following supported external Key Management Services (KMS):
- Google Cloud Key Management Service
- AWS Key Management System
- Thales CipherTrust Manager
- Fortanix Data Security Manager
On clicking Configure, you'll be taken to the Zoho Directory page to add and manage your encryption keys. The following documentations will walk you through the process to configure Zoho Directory for key management.
Note: To get an overview of BYOK and how it is used in Zoho Directory, click here.
- Add Key From An External Key Manager - Learn the steps to add a key from an external key manager for your application securely
- Upload Key - Learn how to upload your own encryption key to Zoho Directory
- Edit, Change, And Delete Key - Learn how to edit, change, and delete your own encryption key to Zoho Directory
5. Points to note
- When you configure your own encryption key through a specific service, it replaces Zoho's default encryption key. If you remove your configured key, Zoho's encryption will automatically resume.
- Once the BYOK key is permanently deleted, the DEK cannot be retrieved, and the actual data will be inaccessible. However, the encrypted data will remain in the Zoho database.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho Writer?
Create. Review. Publish.
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Encryption in Zoho Creator
Encryption is primarily used to safeguard the contents of a message so that only the intended recipient could read it. This is done by replacing the contents with unrecognizable data, which could be understood only by the intended recipient. This is ...Mutual TLS in Creator
In a nutshell Mutual TLS (mTLS) in Zoho Creator establishes a secure, certificate-based communication with external domains. It verifies both parties involved in the connection, offering stronger authentication and protection against common security ...FAQs: Zoho Creator - Starter Guide
This page covers essential insights into Zoho Creator, a low-code platform offering support for multiple languages, shared responsibility models, and the unique Deluge coding language, providing comprehensive assistance for your business needs. What ...Governance in Zoho Creator (Supported by Zoho Directory)
This help page is for users in Creator 6. If you are in the older version (Creator 5), click here. Know your Creator version. 1. What Does This Page Cover? Learn how you can improve user management and run your organization efficiently using the Zoho ...Manage domains in your Zoho Creator account
This help page is for users in Creator 6. If you are in the older version (Creator 5), click here. Know your Creator version. Domains of the added Sender Emails are auto-fetched and listed under the Domain Authentication tab. The listing is done as ...
New to Zoho LandingPage?
Zoho LandingPage Resources