Configure a Custom AWS KMS Key

This page is for Cloud Storage in AWS. If you use Cloud Storage in Azure, see the Azure storage section of the Cloud Storage Services online help.

Required permissions: Life Cycle Management Edit

You can use your own Amazon KMS (Key Management Service) key to encrypt your files in Cloud Storage Services. With a custom AWS KMS key, your files are stored in Cloud Storage Services but are encrypted with your custom AWS KMS key. If you don't use this option, Cloud Storage Services uses its own AWS KMS key for encryption.

Your custom AWS KMS key must be in the same AWS region as CXone.

You cannot use custom KMS keys and custom storage together.

Enable a Custom AWS KMS Key

Before enabling a custom AWS KMS key or changing its configuration, contact your CXone Account Representative. Incorrect configuration of your custom AWS KMS key can lead to permanent data loss.

The Custom KMS Configuration tab within Life Cycle Management, where you can enable Custom KMS.
  1. Click the app selector and select Admin.
  2. Click Cloud StorageLife Cycle Management.
  3. On the Custom KMS Configuration tab, select Enable Custom KMS.
  4. Enter your KMS key's Amazon Resource Name (ARN) in the ARN* field . The ARN is specific to your business unitClosed High-level organizational grouping used to manage technical support, billing, and global settings for your CXone environment. For more information on ARN, see the AWS Key Management Service (AWS KMS) documentation. You can use either the default system-generated KMS key or a custom AWS KMS key to encrypt your data. To make this choice and the configuration change, contact your CXone Account Representative.
  5. Click Save and in the pop-up message, click Yes.