Add key from an External Key Manager

Overview

Bring Your Own Key (BYOK) is a feature that allows you to use your own key encryption key(KEK) instead of Zoho's KEK. You can add a key either from an External Key Manager (EKM) of your choice or upload an encrypted key manually.

If you choose to provide access to your own KEK from an External key manager, it will be used to encrypt or decrypt the DEKs we provide. This ensures that the data security rests in your control, thus enhancing the security of your organization.
The process is as follows:

After you configure your key in Zoho One, we will send a request to your EKM to have our DEKs encrypted.
The encrypted DEK returned from the EKM will be stored in our in-house KMS.
To decrypt the encrypted DEK, we will send a decrypt request to your EKM using the stored ciphered text and receive plain DEK.
The plain DEK will be cached only for the duration allowed by you, after which we will send encrypt/decrypt requests to EKM again, repeating the entire process.

The steps to add key from EKM vary between the two User Interface versions supported in Zoho One. Select the UI version you use from the tabs below and proceed with the steps that follow.

Spaces UI

Unified UI

Spaces UI

To add key,

Encryption or decryption of data will not function if the External Key from the External key manager (EKM) is modified or inaccessible.

Sign in to Zoho One , then click Directory icon on the top-right corner.
Click Security.
Click BYOK, then click Setup.

Note: Click Add key on the right if you already have a key added.

In the Add key screen, enter the Key name, select applications, enable availability key if you want it to be used for data recovery in case of unavailability of the configured key, and choose your key type as External key manager.

Only one key can be applied to an app.

Under Key details, provide the necessary details about your key provider.

If you select your Key provider as AWS,
enter the Client ID, Client secret, key ID, and Domain.
If you select your Key provider as Google KMS,
enter the Key ring, Key name, Key version, and Location, upload the Service account key in JSON format, and toggle on Raw encrypt.
If you select your Key provider as Thales CTM,
enter the User name, Password, Key ID, and Domain.
If you select your Key provider as Fortanix DSM,
enter the API key, Key ID, and Domain.

If you select your Key provider as HSM, enter the Key name, CKU user password, and HSM label.

If you select your Key provider as Futurex, enter the API key, Key ID, and Domain.

Select the required cache duration from the drop-down list.
Click Check Key to validate the entered key credentials.
Click Add.

Note: When configuring BYOK for a specific service, the app will be removed from the default key. The app will be added back to the default key if the particular BYOK key is deleted.

Unified UI

To add key,

Encryption or decryption of data will not function if the External Key from the External key manager (EKM) is modified or inaccessible.

Sign in to Zoho One , then click Directory in the left menu.
Click Security.
Click BYOK, then click Setup.

Note: Click Add key on the right if you already have a key added.

In the Add key screen, enter the Key name, select applications, enable availability key if you want it to be used for data recovery in case of unavailability of the configured key, and choose your key type as External key manager.

Only one key can be applied to an app.

Under Key details, provide the necessary details about your key provider.

If you select your Key provider as AWS,
enter the Client ID, Client secret, key ID, and Domain.
If you select your Key provider as Google KMS,
enter the Key ring, Key name, Key version, and Location, upload the Service account key in JSON format, and toggle on Raw encrypt.
If you select your Key provider as Thales CTM,
enter the User name, Password, Key ID, and Domain.
If you select your Key provider as Fortanix DSM,
enter the API key, Key ID, and Domain.

If you select your Key provider as HSM, enter the Key name, CKU user password, and HSM label.

If you select your Key provider as Futurex, enter the API key, Key ID, and Domain.

Select the required cache duration from the drop-down list.
Click Check Key to validate the entered key credentials.
Click Add.

Create. Review. Publish.

Write, edit, collaborate on, and publish documents to different content management platforms.

Get Started Now

Access your files securely from anywhere

Zoho CRM Training Programs

Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.

Redefine the way you work

with Zoho Workplace

Start your free trial

Zoho DataPrep Personalized Demo

If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.

Create, share, and deliver

beautiful slides from anywhere.

Get Started Now

Zoho Sign now offers specialized one-on-one training for both administrators and developers.

BOOK A SESSION

Zoho Workerly Home
Forums
Connect With Us:

Zoho Recruit Home
Forums
Connect With Us:

Start tracking your website metrics today

Use PageSense to understand what your visitors are looking for, how they are behaving, and where they are facing problems on your website.

Ready to improve your website's performance?

Install the PageSense code snippet on your site in a matter of minutes and start collecting in-depth data about the website visitors to grow your business.

Track and measure every business goal

Set up goals in PageSense to measure every single action performed by visitors on your website like button or link clicks, form submissions, and page engagements.

Understand the customer journey on your website

Create funnels in PageSense to quickly see which pages visitors use to enter your website, where they navigate to next, and which pages they decide to leave without converting.

Visualize your visitor's behavior with color codes

Set up heatmaps in PageSense to see where users have clicked more, how far they've scrolled, and on which parts of a page they've spent the most time using color-coded patterns in reports.

Measure customer engagement with your web forms

Use form analytics in PageSense to see how people interact with different fields in your form, whether they complete the form successfully or not, and where exactly they drop out on your form.

Record real visitor interactions on your website

Use session recordings in PageSense to watch a video of all the visitor actions performed on your website including the pages they navigate, the buttons they click, the UX issues they face, and more.

Test and optimize webpages for better conversions

Run A/B or Split URL tests in PageSense to figure out which version of your web page works best for your business and results in the best conversion rate.

Give each customer a unique website experience

Use personalization in PageSense to deliver customized versions of your website for every individual customer based on their demographics, local weather, browsing history, and more.

Grow your business through customer feedback

Run polls on your website using PageSense to understand what your customers think about your products/services and what needs improvement on your site.

Send timely updates that customers love

Use web push notifications in PageSense to schedule and notify your customers about an upcoming flash sale, product releases, promotional coupons, and a lot more that can spark conversions on your website.

Advertise your business to website visitors

Use pop-ups in PageSense to instantly grab the attention of visitors by showing attractive signup offers, coupon code discounts, or email newsletters that can eventually convert them into subscribers.

Access more advanced settings in PageSense

Use PageSense's advanced features like creating mutually exclusive groups, enabling cross-domain tracking, configuring customized project JS, and more to get deeper insights about your website.

Try easy-to-use extensions

Download the PageSense extension app available for your web browser with a few clicks and start collecting all of your required website metrics in real time.

Discover your favorite integrations with PageSense

Get a deeper look at your website's data by seamlessly integrating PageSense with a host of popular third-party apps like Google Analytics, Mixpanel, Intercom, and more.

Quick Links	Workflow Automation	Data Collection
Web Forms	Enterprise	Online Data Collection Tool
Embeddable Forms	Banking	Begin Data Collection
Interactive Forms	Workplace	Data Collection App
CRM Forms	Customer Service	Accessible Forms
Digital Forms	Marketing	Forms for Small Business
HTML Forms	Education	Forms for Enterprise
Contact Forms	E-commerce	Forms for any business
Lead Generation Forms	Healthcare	Forms for Startups
Wordpress Forms	Customer onboarding	Forms for Small Business
No Code Forms	Construction	RSVP tool for holidays
Free Forms	Travel	Features for Order Forms
Prefill Forms	Non-Profit
Intake Forms	Legal	Mobile App
Form Designer	HR	Mobile Forms
Card Forms	Food	Offline Forms
Assign Forms	Photography	Mobile Forms Features
Translate Forms	Real Estate	Kiosk in Mobile Forms
Electronic Forms
Drag & drop form builder
Notification Emails for Forms	Alternatives	Security & Compliance
Holiday Forms	Google Forms alternative	GDPR
Form to PDF	Jotform alternative	HIPAA Forms
Email Forms	Formstack alternative	Encrypted Forms
	Wufoo alternative	Secure Forms
		WCAG

Quick Links

New to Zoho Writer?

Signup Now

Zoho Writer

What's new

Help Guide

Blogs

Forums

Webinars

API

Developers

Build Extensions

Create. Review. Publish.

Write, edit, collaborate on, and publish documents to different content management platforms.

Get Started Now

Zoho Campaigns Resources

Campaigns Community Learning Series

New to Zoho CRM Plus?

Deliver unforgettable customer experiences

ACCESS ZOHO CRM PLUS

New to Zoho CRM Plus?

Deliver unforgettable customer experiences

ACCESS ZOHO CRM PLUS

New to Zoho Marketing Plus?

Everything you need to run your marketing

ACCESS ZOHO MARKETING PLUS

New to Zoho Marketing Plus?

Everything you need to run your marketing

ACCESS ZOHO MARKETING PLUS

Zoho Pagesense Resources

You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.

New to Zoho Survey?

Access Zoho Survey

Latest Feature Updates

Explore our Pricing & Plans

Zoho Survey Resources

Android Mobile Surveys

Insurvey Blogs

Insight Blogs

Tips & Tricks

New to Zoho Social?

Manage your brands on social media

Access Zoho Social

Desk Community Learning Series
Digest
Functions
Meetups
Kbase
Resources
Glossary
Desk Marketplace
MVP Corner
Word of the Day
Ask the Experts

Zoho Sheet Resources

New to Zoho Forms?

Latest Feature Updates

Explore our Pricing & Plans

Zoho Forms Resources

Secure your business

communication with Zoho Mail

Get started

Mail on the move with

Zoho Mail mobile application

Go Mobile

Stay on top of your schedule

at all times

Get started

Carry your calendar with you

Anytime, anywhere

Get started

Latest Announcements

New to Zoho Sign?

Zoho Sign Resources

Sign, Paperless!

Sign and send business documents on the go!

Get Started Now

Zoho SalesIQ Resources

New to Zoho TeamInbox?

Zoho TeamInbox Resources

Connect with us

New to Zoho ZeptoMail?

LEARN MORE

Latest Feature Updates

Zoho DataPrep Resources

New to Zoho DataPrep?

Access Zoho DataPrep

Zoho DataPrep Demo

Get a personalized demo or POC

Design. Discuss. Deliver.

Create visually engaging stories with Zoho Show.

Get Started Now

New to Zoho Workerly?

Access Zoho Workerly

New to Zoho Recruit?

Access Zoho Recruit

New to Zoho CRM?

Signup Now

Access Zoho CRM

Latest Feature Updates

New to Zoho Projects?

Access Zoho Projects

New to Zoho Sprints?

Access Zoho Sprints

New to Zoho Assist?

Access Zoho Assist

New to Bigin?

Signup Now

Access Bigin

Latest Feature Updates

Related Articles
Upload Key
Overview Bring Your Own Key (BYOK) is a feature that allows you to use your own key encryption key(KEK) instead of Zoho's KEK. You can add a key either from an External Key Manager (EKM) of your choice or upload an encrypted key manually. If you ...
Overview
Encryption is used to secure data by replacing plain text with ciphered text, so that only the intended recipient can understand its contents. Any form of data is initially encrypted at rest using Data Encryption Keys (DEK). The DEKs are further ...
Edit, Change and Delete key
The steps to edit, change, and delete key vary between the two User Interface versions supported in Zoho One. Select the UI version you use from the tabs below and proceed with the steps that follow. Spaces UI Unified UI Spaces UI Change Key: Sign in ...
Add department
In the mobile application: For iOS devices: Open the Zoho One app on your mobile device. Tap at the bottom, then tap CREATE GROUP. Tap Department, then enter the Department name, Group email, and Department description. Tap Next, assign the ...
Device Management
Managing your employees' devices is just as crucial as monitoring their online identities when it comes to making sure they are handling company data responsibly. This is where device management comes in. Zoho One has device management features that ...