Customer Managed Encryption Key Setup (CMEK)

Syncly's Enterprise Key Management feature enables customers to leverage their own master encryption keys securely stored within their own Azure account. Customers have the autonomy to perform key rotation, revocation, and disablement directly from their end, giving them complete control.

At a high level, it involves a two-step process:

1. Setting up KeyVault in the customer's Azure environment.

2. Establishing trust between the customer's KeyVault and the Syncly Platform.

   ---

 Steps to Set Up KeyVault in Customer's Azure Environment 

1.  Create an Azure KeyVault and give it a name that will help you identify it later such as "synclycmek." 

   1. Choose a location that is suited to your firms information security policies

   
   

2.  Click on "Next" and select "Azure role-based access control" as the permission model. 
   
   
3.  Proceed to the next step with the default networking settings.
   
   
4.  Click on "Next" and then select "Create" to provision the KeyVault. 
5. Navigate to the KeyVault Overview Tab and gather the following information:
   1. Vault URI
   2. Directory ID

6. In the KeyVault, go to the "Keys" tab on the left and click on the "Generate/Import" button. 

   

7. Enter the name of the key as "SynclyKEK" and click on "Create Key" to complete the process. 
   
   

Establishing trust between the customer's KeyVault and the Syncly Platform.

1. Open PowerShell and log in to your Azure account, ensuring that you log in to the same Azure Tenant. After logging in, execute the following command: 
   1. az ad sp create --id c6c76ff4-f3d2-4c79-82e5-4ee49f87f435 
       

2. In your Azure KeyVault, go to the "Access control (IAM)" tab and click on "Add role assignment."

   Assign the "Key Vault Crypto User" role to the "Syncly CMEK" service principal.

    

   

   Click Next, then select Members. Search for Syncly CMEK, and select it.

   
   
   
   

3. Next, click "Review + assign" .