Configure Enterprise Key Management


You can configure Enterprise Key Management in the Security & Authentication section of the Configuration tab within the Enterprise Key Management sub-section.

The configuration depends on your encryption key provider.


Azure Key Vault

Microsoft Azure Key Vault can be configured directly within Egnyte’s Web UI. All of fields are required and you will need to get most of this information from your Azure Key Vault account.

Note: HSM name and the Vault's name are the same.

An Application ID (also known as a Client ID) and authentication key (also known as the shared secret) are the Username and Password values needed for the Egnyte.



Other Providers

If you are using a different key management provider (Amazon/AWS CloudHSM, or on-premises options like SafeNET KeySecure, or SafeNET Luna SA), you must first contact Egnyte’s customer support. The configuration for these providers requires us to set up a secure link between Egnyte’s data center and your key management system.

Once this is done, you will be able to change the EKM settings yourself from the Egnyte Web UI.


Additional Configuration Options

Cache Duration

To ensure high performance and reduce the number of requests to your key management system, you can specify a time period during which Egnyte will cache the external key. At your preference, the external key can be cached for time periods between 5 minutes to an hour.

Note: The Cache duration is defaulted to 5 minutes
  1. Navigate to the Enterprise Key Management section of the Security & Authentication page.
  2. Select the new duration from the Cache duration drop-down.


  3. Click Save.

Key Rotation

When using an external key management system, it is a best practice to rotate your encryption key on a regular basis. The procedure in each system varies slightly, but the main steps are the same:

  1. Create a new version of the key, making sure to keep the previous key version enabled.
  2. Enter the new key version in the Web UI. Egnyte will start using the new version of the key immediately.


  3. After the cache duration configured has expired, you can safely disable the original version of the key in your key management system.

Egnyte Community

Egnyte Community

Want to connect with other Egnyte users and our Egnyte team? Share ideas and ask questions in our Community .