Skip to main content

Accessing Encryption Settings

To manage encryption configurations for your organization, navigate to the Dashboard and click on Encryption under the settings menu. You will be presented with the Encryption Configuration screen, which allows you to manage Verbex-managed keys, AWS KMS (Amazon Web Services Key Management Service), and GCP KMS (Google Cloud Platform Key Management Service). In this view:
  • Encryption Toggle: This option allows you to enable or disable encryption for your organization.
  • Encryption Configurations Table: Displays the list of encryption configurations, such as the name of the encryption key, KMS Option (Verbex, AWS, or GCP), the Provider Type, and whether it is set as the Primary encryption key for your organization.

2. Enabling Encryption

To enable encryption for your organization:
  1. Toggle Encryption On: Switch the encryption toggle to ON at the top of the page. This enables encryption configurations for the organization.
  2. Configuring Default Encryption: If you have a Verbex-managed encryption option, you will be prompted to set it as the Primary Encryption for the organization. This can be done via the popup modal shown in the UI.
UI Flow:
  • Click on the Encryption Toggle: Enable encryption for your organization by switching the toggle on.
  • Set Default Policy: Choose whether to use Verbex-managed encryption, AWS KMS, or GCP KMS as the encryption service.
  • Save the Configuration: Once enabled, the system will automatically apply encryption to all sensitive data, including conversations and audio files.

3. Adding Encryption Configurations

If you wish to add a new encryption provider (AWS KMS, GCP KMS, or Verbex-managed encryption), follow these steps: UI Flow:
  1. Click on the Provider Buttons:
    • Verbex: Click the Verbex button to set up Verbex-managed encryption.
    • AWS: Click the AWS button to configure an AWS KMS encryption key.
    • GCP: Click the GCP button to configure a Google Cloud Platform KMS encryption key.
  2. Fill in Provider Details:
    • Verbex-managed Encryption: A modal will pop up where you can configure the Primary setting. If Verbex-managed encryption should be the primary encryption key, toggle the Primary switch on.
    • AWS/GCP KMS Configuration: In these cases, you will need to provide details such as Project ID, Region, Key Ring, Crypto Key, and Bucket Name. Optionally, provide a description of how and when the key should be used.

4. Marking a Provider as Primary

When configuring an encryption key, you can choose to make that key the Primary for your organization. This is important as only one encryption key can be active at a time. UI Flow:
  1. In the Encryption Configuration Modal, you will find an option labeled Primary.
  2. Enable Primary: If you want to set a newly added key as the primary encryption key, toggle the Primary switch to ON.
  3. Save: After making the selection, click Save to apply the configuration.
This ensures that all new data is encrypted with the selected primary encryption key.

5. Managing Existing Encryption Keys

Once you have multiple encryption configurations set up, you can manage them from the Encryption Configuration Table. Here’s how you can manage your keys:
  1. View Configurations: The table will list all configured encryption keys, along with the KMS Option, Provider Type (AWS, GCP, Verbex), and whether the key is set as Primary.
  2. Edit or Delete Configurations: If you need to modify or remove an encryption key, you can do so by clicking the Actions dropdown and selecting the appropriate action (e.g., Edit or Delete).

6. Adding Encryption to AWS KMS

If you’re integrating AWS KMS as your encryption provider, follow these steps:
  1. Click ‘Add AWS’: Select the AWS button to configure a new AWS KMS encryption key.
  2. Provide Required Details:
    • Name: Enter the name for your encryption key.
    • Region: Specify the AWS region for your key (e.g., us-east-1).
    • Key ID: Provide the unique AWS KMS Key ID.
    • Access & Secret Keys: Input your Access Key and Secret Key for authentication.
    • Bucket Name: Enter the bucket name where the encrypted files will be stored.
    • Primary: Choose to make this key the primary encryption key for your organization by toggling the Primary switch.
  3. Save the Configuration: Click Save to finalize the AWS KMS setup.

7. Adding Encryption to GCP KMS

For integrating GCP KMS, the process is similar to AWS:
  1. Click ‘Add GCP’: Click the GCP button to set up a new Google Cloud Platform KMS encryption key.
  2. Provide Required Details:
    • Name: Choose a name for your encryption key.
    • Project ID: Enter your GCP project ID.
    • Location: Specify the region, such as global or us-east1.
    • Key Ring & Crypto Key: Provide the Key Ring and Crypto Key names.
    • Bucket Name: Specify the GCS bucket name where encrypted data will be stored.
    • Primary: Toggle Primary to set this key as the primary encryption key.
  3. Save the Configuration: After configuring the details, click Save to apply the GCP KMS settings.

8. Troubleshooting and Best Practices

  • No Encryption Configurations Found: If the encryption table shows no configurations, ensure you have activated encryption and added the necessary encryption keys from Verbex, AWS, or GCP.
  • Expired or Invalid Keys: If the encryption key is no longer valid, you can replace it by adding a new key and marking it as primary.
  • Bucket Requirements: Ensure that the cloud storage bucket (AWS S3 or GCP Storage) is configured with encryption enabled before storing sensitive data.