Enroll in CMK encryption policy
CMK gives you greater control over the encryption keys that protect your Atlassian Cloud data. Currently, you can create only one CMK encryption policy per organization for all data in scope. Customers not using BYOK can enroll in CMK. BYOK customers will eventually be migrated to CMK.
You can enroll in CMK encryption policy to create a set of rules and configurations that govern how Customer-managed keys (CMK) are used to encrypt and protect your data in Atlassian Cloud apps.
To enroll in CMK encryption:
1. Go to Atlassian Administration. Select your organization if you have more than one.
2. Select Security > Encryption.
3. Select Set up CMK encryption.
4. On the overview page, select Begin.
5. Enroll in CMK encryption policy by providing the ID of the AWS account that you created specifically for managing the KMS keys used for your Atlassian cloud apps. The ID is numeric, for example, 279766244153. How to find your AWS account ID.
6. Next, select a region from the dropdown. The choice you make for your KMS keys also determines the region where your cloud app data is hosted, because your KMS key and app data are co-located. Once we enroll your CMK encryption policy, you will not be able to migrate the data out of the chosen realm.
7. Provide AWS KMS key ARN(s): provide two key ARNs, one from each region, if you chose a dual-region realm. Otherwise, provide one key ARN for a single-region realm.
8. Select Next.
9. Create a context tag, which is a customer-defined tag (a 12-digit max alphanumeric string) that improves readability when you track encryption authentication in AWS CloudTrail, for example, “AcmeCMK”. Understand more about Encryption context identifier. We will re-confirm the tag value with you to ensure accuracy. Once it begins to take effect, it cannot be changed.
10. Re-enter the context tag value to Confirm context tag.
11. Select Enroll in CMK encryption.
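Because the realm and the context tag cannot be changed after enrollment, it helps to check the values from steps 5 to 10 before submitting them. The following is an added example, not Atlassian's code: `check_enrollment` is a hypothetical helper, the sample ARNs are constructed, and it assumes the standard AWS formats (12-digit account ID, `arn:<partition>:kms:<region>:<account>:key/<id>`) and that the keys live in the account entered in step 5.

```python
import re

# AWS KMS key ARN: arn:<partition>:kms:<region>:<12-digit account>:key/<key id>
KMS_ARN = re.compile(
    r"arn:(aws[a-z-]*):kms:([a-z0-9-]+):([0-9]{12}):key/([A-Za-z0-9-]+)")

def check_enrollment(account_id, key_arns, dual_region, tag, tag_confirm):
    """Return a list of problems; an empty list means the inputs are consistent."""
    problems = []
    if not re.fullmatch(r"[0-9]{12}", account_id):
        problems.append("account ID must be 12 digits")
    # Step 7: two ARNs for a dual-region realm, one for a single-region realm.
    expected = 2 if dual_region else 1
    if len(key_arns) != expected:
        problems.append(f"expected {expected} key ARN(s), got {len(key_arns)}")
    regions = []
    for arn in key_arns:
        m = KMS_ARN.fullmatch(arn.strip())
        if not m:
            problems.append(f"not a KMS key ARN: {arn}")
            continue
        regions.append(m.group(2))
        # Assumption: the keys live in the dedicated account entered in step 5.
        if m.group(3) != account_id:
            problems.append(f"key is in account {m.group(3)}, not {account_id}")
    if dual_region and len(regions) == 2 and regions[0] == regions[1]:
        problems.append("dual-region realm needs one key from each region")
    # Steps 9 and 10: alphanumeric tag of at most 12 characters, entered twice.
    if not re.fullmatch(r"[A-Za-z0-9]{1,12}", tag):
        problems.append("context tag must be 1-12 alphanumeric characters")
    if tag != tag_confirm:
        problems.append("context tag and confirmation differ")
    return problems

if __name__ == "__main__":
    # Constructed sample values; the account ID is the example from step 5.
    acct = "279766244153"
    arns = [
        f"arn:aws:kms:us-east-1:{acct}:key/11111111-2222-3333-4444-555555555555",
        f"arn:aws:kms:us-west-2:{acct}:key/66666666-7777-8888-9999-000000000000",
    ]
    for p in check_enrollment(acct, arns, True, "AcmeCMK", "AcmeCMK") or ["inputs OK"]:
        print(p)
```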
Next: Update AWS KMS key policy for your Atlassian cloud organization and Set up CMK-enabled Atlassian apps.