Customer-Managed Keys Beta

Learn about customer-managed keys for your Business Critical account.

IMPORTANT: You must have a Business Critical plan to use customer-managed keys.

With customer-managed keys, you control the master key that Fivetran uses to encrypt your credentials and temporary data. You can disable access to the key at any time to stop Fivetran from accessing your data. You can re-enable the key at any point later and resume syncs.

Fivetran uses keys from one of the following providers to power this feature:

• AWS Key Management Service
• Azure Key Vault

Setup guidelink

Customer-managed keys require additional setup. See the setup guide for your chosen provider:

• AWS customer-managed keys setup guide
• Azure customer-managed keys setup guide

Compromised keyslink

If you think your existing key has been compromised, do not delete the key before you have configured the new key to use with Fivetran. If you delete the compromised key, all connectors in the destination that use credentials encrypted by that key will break.

Instead, do the following to correct your compromised key:

1. Revert the encryption with the current key.

   

2. Create a new key. That implies rotating the compromised key manually in AWS KMS or Azure Key Vault.

3. Set up the new key in Fivetran.