Configure Custom KMS

Required permissions: File Life Cycle Management Edit

You can use your own Amazon KMS (Key Management Service) to encrypt your files in Cloud Storage Services. With custom KMS, your files are stored in Cloud Storage Services but are encrypted with your custom KMS. If you don't use this option, Cloud Storage Services uses its own KMS for encryption.

Custom KMS is not supported if you use Microsoft Azure custom storage.

Your custom KMS must be in the same AWS region as CXone. If you also use AWS custom storage, it also must be in the same region.

Enable Custom KMS

Before enabling custom KMS or changing its configuration, contact your CXone Account Representative. Incorrect configuration of your custom KMS can lead to permanent data loss.

  1. Click the app selector and select Admin.
  2. Click Cloud StorageStorage Settings.
  3. Click the Custom KMS slider to set it to On.
  4. Enter your KMS key's Amazon Resource Name (ARN). The ARN is specific to your tenantClosed High-level organizational grouping used to manage technical support, billing, and global settings for your CXone environment. For more information on ARN, see the AWS Key Management Service (AWS KMS) documentation. You can use either the default system-generated KMS key or a custom KMS key to encrypt your data. To make this choice and the configuration change, contact your CXone Account Representative.
  5. Click Save and in the pop-up message, click Yes.