
# KMS Encryption User Guide

#### **1. Accessing Encryption Settings**

To manage encryption configurations for your organization, navigate to the **Dashboard** and click on **Encryption** under the settings menu. You will be presented with the **Encryption Configuration** screen, which allows you to manage **Verbex-managed** keys, **AWS KMS** (Amazon Web Services Key Management Service), and **GCP KMS** (Google Cloud Platform Key Management Service).

In this view:

* **Encryption Toggle**: This option allows you to enable or disable encryption for your organization.
* **Encryption Configurations Table**: Displays the list of encryption configurations, such as the name of the encryption key, **KMS Option** (Verbex, AWS, or GCP), the **Provider Type**, and whether it is set as the **Primary** encryption key for your organization.

#### **2. Enabling Encryption**

To enable encryption for your organization:

1. **Toggle Encryption On**: Switch the encryption toggle to **ON** at the top of the page. This enables encryption configurations for the organization.
2. **Configuring Default Encryption**: If you have a **Verbex-managed** encryption option, you will be prompted to set it as the **Primary Encryption** for the organization. This can be done via the popup modal shown in the UI.

**UI Flow**:

* **Click on the Encryption Toggle**: Enable encryption for your organization by switching the toggle on.
* **Set Default Policy**: Choose whether to use **Verbex-managed** encryption, **AWS KMS**, or **GCP KMS** as the encryption service.
* **Save the Configuration**: Once enabled, the system will automatically apply encryption to all sensitive data, including conversations and audio files.

#### **3. Adding Encryption Configurations**

If you wish to add a new encryption provider (AWS KMS, GCP KMS, or Verbex-managed encryption), follow these steps:

**UI Flow**:

1. **Click on the Provider Buttons**:
   * **Verbex**: Click the **Verbex** button to set up **Verbex-managed** encryption.
   * **AWS**: Click the **AWS** button to configure an **AWS KMS** encryption key.
   * **GCP**: Click the **GCP** button to configure a **Google Cloud Platform KMS** encryption key.
2. **Fill in Provider Details**:
   * **Verbex-managed Encryption**: A modal will pop up where you can configure the **Primary** setting. If Verbex-managed encryption should be the primary encryption key, toggle the **Primary** switch on.
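   * **AWS/GCP KMS Configuration**: In these cases, you will need to provide provider-specific details. For AWS KMS these are the **Region**, **Key ID**, **Access Key**, **Secret Key**, and **Bucket Name**; for GCP KMS they are the **Project ID**, **Location**, **Key Ring**, **Crypto Key**, and **Bucket Name**. Optionally, provide a description of how and when the key should be used.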

#### **4. Marking a Provider as Primary**

When configuring an encryption key, you can choose to make that key the **Primary** for your organization. This is important as only one encryption key can be active at a time.

**UI Flow**:

1. **In the Encryption Configuration Modal**, you will find an option labeled **Primary**.
2. **Enable Primary**: If you want to set a newly added key as the primary encryption key, toggle the **Primary** switch to **ON**.
3. **Save**: After making the selection, click **Save** to apply the configuration.

This ensures that all new data is encrypted with the selected primary encryption key.

#### **5. Managing Existing Encryption Keys**

Once you have multiple encryption configurations set up, you can manage them from the **Encryption Configuration Table**. Here’s how you can manage your keys:

1. **View Configurations**: The table will list all configured encryption keys, along with the **KMS Option**, **Provider Type** (AWS, GCP, Verbex), and whether the key is set as **Primary**.
2. **Edit or Delete Configurations**: If you need to modify or remove an encryption key, you can do so by clicking the **Actions** dropdown and selecting the appropriate action (e.g., **Edit** or **Delete**).

#### **6. Adding Encryption to AWS KMS**

If you're integrating **AWS KMS** as your encryption provider, follow these steps:

1. **Click 'Add AWS'**: Select the **AWS** button to configure a new AWS KMS encryption key.
2. **Provide Required Details**:
   * **Name**: Enter the name for your encryption key.
   * **Region**: Specify the AWS region for your key (e.g., **us-east-1**).
   * **Key ID**: Provide the unique AWS KMS Key ID.
   * **Access & Secret Keys**: Input your **Access Key** and **Secret Key** for authentication.
   * **Bucket Name**: Enter the bucket name where the encrypted files will be stored.
   * **Primary**: Choose to make this key the primary encryption key for your organization by toggling the **Primary** switch.
3. **Save the Configuration**: Click **Save** to finalize the AWS KMS setup.

#### **7. Adding Encryption to GCP KMS**

For integrating **GCP KMS**, the process is similar to AWS:

1. **Click 'Add GCP'**: Click the **GCP** button to set up a new Google Cloud Platform KMS encryption key.
2. **Provide Required Details**:
   * **Name**: Choose a name for your encryption key.
   * **Project ID**: Enter your GCP project ID.
   * **Location**: Specify the key's location, such as **global** or **us-east1**.
   * **Key Ring & Crypto Key**: Provide the **Key Ring** and **Crypto Key** names.
   * **Bucket Name**: Specify the **GCS bucket name** where encrypted data will be stored.
   * **Primary**: Toggle **Primary** to set this key as the primary encryption key.
3. **Save the Configuration**: After configuring the details, click **Save** to apply the GCP KMS settings.
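
The following pre-flight check is an added example, not part of Verbex's product or API. It validates the values from sections 6 and 7 before they are entered into the form and confirms the single-Primary rule from section 4. The dictionary layout, function names, and sample values are assumptions made for illustration.

```python
import re

# Field names mirror the form labels in sections 6 and 7; the dict layout and
# function names are assumptions made for this example.
AWS_KEY_ID = re.compile(r"^(?:mrk-[0-9a-f]{32}|[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$")
AWS_KEY_ARN = re.compile(r"^arn:aws[a-z-]*:kms:([a-z0-9-]+):\d{12}:key/(.+)$")
GCP_PROJECT = re.compile(r"^[a-z][a-z0-9-]{4,28}[a-z0-9]$")
GCP_NAME = re.compile(r"^[A-Za-z0-9_-]{1,63}$")


def check_aws(cfg):
    """Return a list of problems with an AWS KMS entry (empty list = OK)."""
    problems = []
    key = cfg["key_id"]
    arn = AWS_KEY_ARN.match(key)
    if arn:
        # A key ARN embeds its region; it must agree with the Region field.
        if arn.group(1) != cfg["region"]:
            problems.append(f"key ARN region {arn.group(1)} != Region {cfg['region']}")
        key = arn.group(2)
    if not AWS_KEY_ID.match(key):
        problems.append("Key ID is not a KMS key ID or key ARN")
    return problems


def gcp_resource_name(cfg):
    """Compose the four GCP form fields into the CryptoKey resource name."""
    if not GCP_PROJECT.match(cfg["project_id"]):
        raise ValueError("invalid Project ID")
    for field in ("location", "key_ring", "crypto_key"):
        if not GCP_NAME.match(cfg[field]):
            raise ValueError(f"invalid {field}")
    return ("projects/{project_id}/locations/{location}"
            "/keyRings/{key_ring}/cryptoKeys/{crypto_key}").format(**cfg)


def check_single_primary(configs):
    """Section 4: exactly one configuration may be Primary."""
    return sum(1 for c in configs if c.get("primary")) == 1


# Constructed sample values, not real keys or projects.
SAMPLE_AWS = {"region": "us-east-1", "primary": True,
              "key_id": "arn:aws:kms:us-west-2:111122223333:key/"
                        "1234abcd-12ab-34cd-56ef-1234567890ab"}
SAMPLE_GCP = {"project_id": "example-project", "location": "us-east1",
              "key_ring": "example-ring", "crypto_key": "example-key", "primary": False}
```

The constructed AWS sample is deliberately inconsistent: its key ARN names `us-west-2` while the Region field says `us-east-1`, which `check_aws` reports as a problem.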

#### **8. Troubleshooting and Best Practices**

* **No Encryption Configurations Found**: If the encryption table shows no configurations, ensure you have activated encryption and added the necessary encryption keys from Verbex, AWS, or GCP.
* **Expired or Invalid Keys**: If the encryption key is no longer valid, you can replace it by adding a new key and marking it as primary.
* **Bucket Requirements**: Ensure that the cloud storage bucket (AWS S3 or GCP Storage) is configured with encryption enabled before storing sensitive data.
