Learn about customer-managed keys for your Business Critical account.
IMPORTANT: You must have a Business Critical plan to use customer-managed keys.
With customer-managed keys, you control the master key that Fivetran uses to encrypt your credentials and temporary data. You can disable access to the key at any time to stop Fivetran from accessing your data. You can re-enable the key at any point later and resume syncs.
Fivetran uses keys from one of the following providers to power this feature:
Customer-managed keys require additional setup. See the setup guide for your chosen provider:
If you think your existing key has been compromised, do not delete the key before you have configured the new key to use with Fivetran. If you delete the compromised key, all connectors in the destination that use credentials encrypted by that key will break.
Instead, do the following to correct your compromised key:
Revert the encryption with the current key.
Create a new key. That implies rotating the compromised key manually in AWS KMS or Azure Key Vault.