Encryption Key Management
AWS KMS integration for tenant data encryption
Coming Soon
The Key Management System (KMS) integration is currently in development. This feature will provide enterprise-grade encryption for sensitive tenant data using AWS KMS with envelope encryption.
Fields Requiring Encryption
124 of 144 total sensitive fields
Tenant Keys (Planned)
Each tenant will have a unique CMK
Key Rotation
Annual automatic rotation
Planned Architecture
AWS KMS
Customer Master Keys (CMK) per tenant
FIPS 140-2 Level 3 validated HSMs
Automatic annual key rotation
Envelope Encryption
Data Encryption Keys (DEK) for each record
DEKs encrypted with CMK
AES-256-GCM encryption
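The envelope scheme listed above, as an added sketch that is not this product's code: each record gets a fresh DEK, the field is sealed with AES-256-GCM, and the DEK is stored wrapped under the tenant key. A local 32-byte key stands in for the tenant's CMK (in the planned design the wrap and unwrap steps would be AWS KMS calls), and the function names, tenant and record ids are assumptions made for the example.

```javascript
// Added example: envelope encryption with a per-record DEK (AES-256-GCM).
// Assumption: tenantKey is a local stand-in for the tenant CMK. With AWS KMS the
// CMK never leaves the service and wrapping is done by GenerateDataKey / Decrypt.
const crypto = require('node:crypto');

// AES-256-GCM seal. aad is authenticated but not encrypted.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every call
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// AES-256-GCM open. final() throws if the tag, key or aad does not match.
function open(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Encrypt one field: new DEK per record, DEK wrapped under the tenant key.
function encryptRecord(tenantKey, tenantId, recordId, plaintext) {
  const dek = crypto.randomBytes(32);
  const aad = Buffer.from(`${tenantId}:${recordId}`); // binds data to tenant and record
  const data = seal(dek, Buffer.from(plaintext, 'utf8'), aad);
  const wrappedDek = seal(tenantKey, dek, Buffer.from(tenantId));
  dek.fill(0); // do not keep the plaintext DEK around
  return { tenantId, recordId, wrappedDek, data };
}

function decryptRecord(tenantKey, rec) {
  const dek = open(tenantKey, rec.wrappedDek, Buffer.from(rec.tenantId));
  const aad = Buffer.from(`${rec.tenantId}:${rec.recordId}`);
  try { return open(dek, rec.data, aad).toString('utf8'); }
  finally { dek.fill(0); }
}

// True when decryption is refused (wrong tenant key, relabelled record, tampering).
function rejects(tenantKey, rec) {
  try { decryptRecord(tenantKey, rec); return false; } catch { return true; }
}

// Constructed sample data: two tenant keys and one encrypted field.
const keyA = crypto.randomBytes(32), keyB = crypto.randomBytes(32);
const rec = encryptRecord(keyA, 'tenant-a', 'rec-1', 'constructed-sensitive-value');
```

Only `wrappedDek` and `data` are stored with the record; because the tenant and record ids are authenticated as associated data, a ciphertext copied to another tenant or row fails to decrypt even before the key check.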
Compliance
ISO 27001 compliant
SOC 2 Type II ready
KVKK / GDPR encryption requirements
Planned Features
Tenant Key Management
View, create, and rotate encryption keys for each tenant
Key Rotation
Manual and automatic key rotation with audit trails
Usage Analytics
Monitor key usage and encryption/decryption operations
Audit Logs
Complete audit trail of all key operations
Alerts
Notifications for key expiration and security events
Bulk Re-encryption
Tools to re-encrypt data with new keys