Learn about customer-managed keys for your Business Critical account.
IMPORTANT: You must have a Business Critical plan to use customer-managed keys.
With customer-managed keys, you control the master key that Fivetran uses to encrypt your credentials and temporary data. You can disable access to the key at any time to stop Fivetran from accessing your data. You can re-enable the key at any point later and resume syncs.
Fivetran uses multi-region AWS Key Management Service keys to power this feature.
Customer-managed keys require additional setup. See the setup guide for instructions.
Compromised AWS keyslink
If you think your existing AWS key has been compromised, do not delete the key before you have configured the new AWS key to use with Fivetran. If you delete the compromised key, all connectors in the destination that use credentials encrypted by that key will break.
Instead, do the following to correct your compromised AWS key:
Revert the encryption with the current key.
Create a new AWS key. That implies rotating the compromised key manually in AWS.