Customer-Managed Encryption Key Setup

Syncly's Enterprise Key Management feature enables customers to leverage their own master encryption keys securely stored within their own Azure account. Customers have the autonomy to perform key rotation, revocation, and disablement directly from their end, giving them complete control.

At a high level, it involves a two-step process:

  1. Setting up KeyVault in the customer's Azure environment.
  2. Establishing trust between the customer's KeyVault and the Syncly Platform.


 Steps to Set Up KeyVault in Customer's Azure Environment 

  1. Create an Azure KeyVault and give it a name that will help you identify it later, such as "synclycmek".
    1. Choose a location that suits your firm's information security policies.

  2.  Click on "Next" and select "Vault access policy" as the permission model. 

  3.  Proceed to the next step with the default networking settings.

  4.  Click on "Next" and then select "Create" to provision the KeyVault. 
  5. Navigate to the KeyVault Overview Tab and gather the following information:

    1. Vault URI
    2. Directory ID
  6. In the KeyVault, go to the "Keys" tab on the left and click on the "Generate/Import" button. 

     

  7. Enter the name of the key as "SynclyKEK" and click on "Create Key" to complete the process. 

 

 Establishing Trust Between the Customer's KeyVault and the Syncly Platform

Follow the steps below to establish trust between the Syncly App and the recently created KeyVault. Please note that Azure Administrative access is required to perform these steps.

  1. Open PowerShell and log in to your Azure account, making sure you log in to the same Azure tenant as the KeyVault. After logging in, run the following command:

       az ad sp create --id c6c76ff4-f3d2-4c79-82e5-4ee49f87f435

  2. In your Azure KeyVault, navigate to the "Access Policy" tab and click on "Create." Provide the following Key Permission 

    1. Next, click "Next" and search for the Principal "Syncly CMEK." Click "Next" and proceed to create it. 

    Setup completed.

    Please provide the following information to Syncly, which can be found in KeyVault's Overview Tab.

    1. Your Azure Tenant ID / Directory ID of the KeyVault.
    2. Your KeyVault Name & URL
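
A check you can run after the setup above, as an added example that is not Syncly's own code: it reads the output of `az keyvault show`, confirms the vault still uses the access-policy model, and reports whether the service principal was granted anything beyond key permissions. The function name, the sample IDs and the `<permission-from-guide>` placeholder are assumptions; the commented `az` calls assume a current Azure CLI in which `az ad sp show` returns the object ID as `id`.

```powershell
# Added example (not Syncly's code). Live input, with az logged in to the vault's tenant:
#   $vault = az keyvault show --name <your-vault-name> | ConvertFrom-Json
#   $spId  = az ad sp show --id c6c76ff4-f3d2-4c79-82e5-4ee49f87f435 --query id -o tsv
function Test-CmekAccessPolicy {
    param(
        [Parameter(Mandatory)] $Vault,                      # parsed 'az keyvault show' output
        [Parameter(Mandatory)] [string] $PrincipalObjectId  # object ID of the service principal
    )
    $props = $Vault.properties
    $findings = @()
    $keyPerms = @()
    # The guide selects "Vault access policy"; with RBAC enabled, access policies are not evaluated.
    if ($props.enableRbacAuthorization) {
        $findings += 'Vault uses Azure RBAC, so the access policy has no effect.'
    }

    $policy = @($props.accessPolicies | Where-Object { $_.objectId -eq $PrincipalObjectId })
    if ($policy.Count -eq 0) {
        $findings += 'No access policy entry for the principal.'
    } else {
        $keyPerms = @($policy[0].permissions.keys | Where-Object { $_ })
        if ($keyPerms.Count -eq 0) { $findings += 'Principal has no key permissions.' }
        # The guide grants key permissions only; anything else is broader than documented.
        foreach ($kind in 'secrets', 'certificates', 'storage') {
            $extra = @($policy[0].permissions.$kind | Where-Object { $_ })
            if ($extra.Count -gt 0) { $findings += "Unexpected $kind permissions: $($extra -join ', ')" }
        }
    }
    [pscustomobject]@{
        VaultUri       = $props.vaultUri    # value to send to Syncly
        DirectoryId    = $props.tenantId    # value to send to Syncly
        KeyPermissions = $keyPerms          # compare with the permissions the guide lists
        Findings       = $findings
    }
}

# Constructed sample: placeholder IDs, one deliberately excessive 'secrets' grant.
$sample = @'
{"name": "synclycmek", "properties": {
  "tenantId": "00000000-0000-0000-0000-000000000001",
  "vaultUri": "https://synclycmek.vault.azure.net/",
  "enableRbacAuthorization": false,
  "accessPolicies": [{
    "objectId": "00000000-0000-0000-0000-0000000000aa",
    "permissions": {"keys": ["<permission-from-guide>"], "secrets": ["get"],
                    "certificates": [], "storage": []}}]}}
'@ | ConvertFrom-Json
Test-CmekAccessPolicy -Vault $sample -PrincipalObjectId '00000000-0000-0000-0000-0000000000aa' | Format-List
```

An empty `Findings` list means the principal holds key permissions only; the constructed sample reports the extra `secrets` grant.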