Configure a Custom AWS KMS Key

This page is for Cloud Storage in AWS. If you use Cloud Storage in Azure, see the Azure storage section of the Cloud Storage Services online help.

Required permissions: File Life Cycle Management Edit

You can use your own Amazon KMS (Key Management Service) key to encrypt your files in Cloud Storage Services. With a custom AWS KMS key, your files are stored in Cloud Storage Services but are encrypted with your custom AWS KMS key. If you don't use this option, Cloud Storage Services uses its own AWS KMS key for encryption. You cannot use a custom AWS KMS key and multi-region storage together in the same environment.

Custom AWS KMS keys are not supported if you use Microsoft Azure custom storage.

Your custom AWS KMS key must be in the same AWS region as CXone.

You cannot use custom KMS keys and custom storage together.

Enable a Custom AWS KMS Key

Before enabling a custom AWS KMS key or changing its configuration, contact your CXone Account Representative. Incorrect configuration of your custom AWS KMS key can lead to permanent data loss.

The Storage Settings page, where you can enable Custom KMS.
  1. Click the app selector and select Admin.
  2. Click Cloud StorageStorage Settings.
  3. Click the Custom KMS slider to set it to On.
  4. Enter your KMS key's Amazon Resource Name (ARN). The ARN is specific to your tenantClosed High-level organizational grouping used to manage technical support, billing, and global settings for your CXone environment. For more information on ARN, see the AWS Key Management Service (AWS KMS) documentation. You can use either the default system-generated KMS key or a custom AWS KMS key to encrypt your data. To make this choice and the configuration change, contact your CXone Account Representative.
  5. Click Save and in the pop-up message, click Yes.