# Configuring Workato Enterprise Key Management (EKM) with a custom key
In addition to popular key management systems, Workato Enterprise Key Management (EKM) also supports generating your own custom keys.
In this guide, we'll walk you through creating a custom key and using it to configure EKM in Workato.
# Prerequisites
To perform the tasks in this guide, you'll need:
- A Workato account with the Enterprise Key Management feature enabled
- A Workato user role with the Key management privilege
# Step 1: Generate a custom key
KEY REQUIREMENTS
Custom keys must be 32 byte, base64-encoded, 256-bit symmetric keys.
First, generate a custom key and save it to a file.
The following example demonstrates how to use the OpenSSL library (opens new window) to generate a 32 byte, base64-encoded, 256-bit symmetric key:
openssl rand -out WorkatoCustomKey.txt -base64 32
The key is encoded using base64 encoding and saved to a file named WorkatoCustomKey.txt. For more information about the command (rand), see OpenSSL documentation (opens new window).
CREATE YOUR OWN CUSTOM KEY
You can use other tools to generate custom keys as long as the keys meet the requirements listed above.
Note that keys must be generated using a cryptographically secure pseudo random number generator (CSPRNG). Any keys you generate must be strongly protected from unauthorized access because keys are highly sensitive material. For example, protect your key by storing it in a secure location.
# Step 2: Upload the key to Workato
Sign in to your Workato account if you haven't already.
Navigate to Settings > Key management.
In the How do you want to encrypt your data? field, select Custom KMS key from the drop-down.
In the Key material file field, drag and drop or upload the key file.
Click Update key.
Last updated: 2/3/2025, 7:19:51 PM