If you choose to provide access to your own key encryption key (KEK) from an external key manager (EKM), it will be used to encrypt and decrypt the data encryption keys (DEKs) we provide. This keeps data security under your control, enhancing the security of your organization.
The process is as follows:
After you configure your key in Zoho Directory, we will send a request to your EKM to have our DEKs encrypted.
The encrypted DEK returned from the EKM will be stored in our in-house KMS.
To decrypt the encrypted DEK, we will send a decrypt request to your EKM using the stored ciphertext and receive the plaintext DEK.
The plaintext DEK will be cached only for the duration allowed by you, after which we will send encrypt/decrypt requests to your EKM again, repeating the entire process.
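The following added example (not Zoho's code) models the process above to show what the cache duration means in practice: if the KEK is disabled at the EKM, the cached DEK stays usable until the cache expires, and only then does the next decrypt request fail. ToyEKM, ServiceKMS, the toy cipher and the 300-second duration are all constructed for illustration.

```python
import hashlib, hmac, secrets

class ToyEKM:
    """Constructed stand-in for your EKM. Toy HMAC-XOR cipher, not real key wrap."""
    def __init__(self):
        self._kek, self.enabled, self.calls = secrets.token_bytes(32), True, 0

    def _xor(self, nonce, data):
        self.calls += 1
        if not self.enabled:
            raise PermissionError("KEK disabled at the EKM")
        pad = hmac.new(self._kek, nonce, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data, pad))

    def encrypt(self, dek):
        nonce = secrets.token_bytes(16)
        return nonce + self._xor(nonce, dek)

    def decrypt(self, blob):
        return self._xor(blob[:16], blob[16:])

class ServiceKMS:
    """Hypothetical provider side: stores the encrypted DEK, caches the plaintext DEK."""
    def __init__(self, ekm, cache_seconds, clock):
        self.ekm, self.ttl, self.clock = ekm, cache_seconds, clock
        self.wrapped = ekm.encrypt(secrets.token_bytes(32))  # only ciphertext is stored
        self._dek, self._expires = None, 0.0

    def get_dek(self):
        if self._dek is None or self.clock() >= self._expires:
            self._dek = None  # drop the expired plaintext before asking again
            self._dek = self.ekm.decrypt(self.wrapped)  # decrypt request to the EKM
            self._expires = self.clock() + self.ttl     # cache for the allowed duration
        return self._dek

def revocation_demo(cache_seconds=300):
    now = [0.0]  # injected clock so the run is deterministic
    ekm = ToyEKM()
    kms = ServiceKMS(ekm, cache_seconds, lambda: now[0])
    first = kms.get_dek()
    ekm.enabled = False                 # KEK disabled at the EKM
    now[0] = cache_seconds - 1
    still_cached = kms.get_dek() == first   # served from cache, no EKM call
    now[0] = cache_seconds
    blocked = False
    try:
        kms.get_dek()                   # cache expired: EKM is asked and refuses
    except PermissionError:
        blocked = True
    return still_cached, blocked, ekm.calls
```

In this model the cache duration is the longest time a DEK remains usable after the KEK is disabled, so a shorter duration trades more EKM requests for a smaller window.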
Sign in to Zoho Directory.
Click Admin Panel, then click Security.
In the Add key screen, enter the Key name, select applications, and choose your key type as External key manager.
Under Key details, provide the necessary details about your key provider.
If you select your Key provider as AWS, enter the Client ID, Client secret, key ID, and Region.
If you select your Key provider as Google KMS, enter the Key ring, Key ring name, Key version, and Location, upload the Service account key in JSON format, and toggle on Raw encrypt.
If you select your Key provider as Thales CTM, enter the User name, Password, Key ID, and Domain.
If you select your Key provider as Fortanix DSM, enter the API key, Key ID, and Domain.
Select the required cache duration from the drop-down list.
Click Add.