# Configuring Workato Enterprise Key Management (EKM) With A Custom Key
In addition to popular key management systems, Workato Enterprise Key Management (EKM) also supports generating your own custom keys.
In this guide, we'll walk you through creating a custom key and using it to configure EKM in Workato.
To perform the tasks in this guide, you'll need:
- A Workato account with the Enterprise Key Management feature enabled
- A Workato user role with the Key management privilege
# Step 1: Generate A Custom Key
Custom keys must be 32 byte, base64-encoded, 256-bit symmetric keys.
You'll generate a custom key and save it to a file in this step.
The following example demonstrates how to use the OpenSSL library (opens new window) to generate a 32 byte, base64-encoded, 256-bit symmetric key:
openssl rand -out WorkatoCustomKey.txt -base64 32
The key is encoded using base64 encoding and saved to a file named
WorkatoCustomKey.txt. Refer to the OpenSSL documentation (opens new window) for more info about the command (
rand) in this example.
Create your own custom key
You may use other tools to generate custom keys as long as the keys meet the requirements listed above.
Note that, whichever tool is used for generation, keys should be generated using a cryptographically secure pseudo random number generator (CSPRNG). In addition, because keys are highly sensitive material, the generated key should be strongly protected from unauthorized access, for example by storing it in a secure location.
# Step 2: Upload The Key To Workato
Sign in to your Workato account if you haven't already.
Navigate to Settings > Key management.
In the How do you want to encrypt your data? field, select Custom KMS key from the dropdown.
In the Key material file field, drag and drop or upload the key file.
Click Update key.