# Enterprise Key Management Glossary
In this guide, we'll cover terms related to Workato's Enterprise Key Management (EKM) feature:
- Bring Your Own Key (BYOK)
- Connection Key (CK)
- Custom KMS key
- Customer-managed Key
- Customer Main Key (CMK)
- Data Key (DK)
- Hourly Key (HK)
- Key Management System (KMS)
- Workato KMS key
- Workato-managed key
# Bring Your Own Key (BYOK)
# Connection Key
Connection keys (CK) are keys used to encrypt connection data. A unique, connection-specific key encrypts each connection.
Connection keys are encrypted by the account's Customer Main Key (CMK).
# Custom KMS Key
See Customer-managed key.
# Customer-managed Key
# Customer Main Key (CMK)
In Workato, the CMK can be one of the following:
- Customer-managed - The CMK is a key you generate and provide to Workato. You own and manage the key in the KMS, providing the reference to Workato.
- Workato-managed - The CMK is a key generated and managed by Workato. Workato owns and manages the key on your behalf.
# Data Key (DK)
Data keys (DK) are keys used to encrypt job data. A unique, job-specific data key encrypts each job. An Hourly key encrypts the job-specific data key.
# Hourly Key (HK)
Hourly keys (HK) are keys used to encrypt job data keys. A new key is generated on an hourly basis.
# Key Management System (KMS)
A Key Management System (KMS) is a system for securely managing cryptographic keys (opens new window). For example: Amazon Key Management Service (KMS)
Synonymous with re-encryption, repacking occurs when the Customer Main Key is rotated or replaced, whether by you or Workato.
For example: When a new custom key is uploaded to Workato, Workato will repack all connection, hourly, and data keys currently in use.
# Workato KMS Key
See Workato-managed key.
# Workato-managed Keys
A Workato-managed key is a key that Workato creates, owns, and manages on your behalf. A Workato-managed key is synonymous with Workato KMS key.
All Workato-managed keys are automatically rotated once per year. Currently, this rotation schedule can't be changed.
Last updated: 4/25/2022, 8:31:20 AM