# Enterprise Key Management Troubleshooting

Need some help with Enterprise Key Management (EKM)? This guide covers some common issues with EKM and how to troubleshoot them.


# Key Validation Failure

Workato is unable to validate the provided key.

Note: If updating an existing key, data will remain encrypted until a new, valid key is provided.

Error message Can't access the provided key
Applicable to
  • AWS KMS
  • Custom keys
Occurs After clicking Update key in Account settings > Key management
Potential causes
  • Workato is experiencing downtime
  • If using AWS KMS:
    • Insufficient permissions
    • Incorrect key configuration, such as using an asymmetric key type
    • Incorrect key ARN provided in Workato
    • AWS is experiencing downtime
  • If using a custom key:
    • Invalid key format
Troubleshooting steps First, check if Workato is experiencing downtime.

If using AWS KMS: If using a custom key:

# Data Encryption Failure

Workato was unable to successfully encrypt data using the provided key.

Error message Data couldn't be encrypted with the provided key
Occurs After custom key material is uploaded in the Account settings > Key management page
Potential causes
  • Custom key material doesn't meet Workato's formatting requirements
Troubleshooting steps Verify that the key meets Workato's formatting requirements

# Unavailable Key

Workato is unable to access the provided key. This can occur when Workato's access to the key is revoked or the key is deleted.

Note: Data will remain encrypted when this occurs.

Error message Can't access the provided key
Occurs When Workato's access to the key is revoked or the key is deleted
Symptoms
  • Recipes failing to start or be tested
  • Recipes stopping after five consecutive trigger errors
  • Connection creation fails
  • Existing connections stop working
  • Job details page shows 'No data to show' message
Troubleshooting steps
  • If key access has been revoked, restore access if possible. Access to encrypted data and platform features (e.g., creating connections) will be restored.
  • If the key has been deleted, generate a new key and replace the existing key in Workato. You can also switch to using Workato KMS.

    Note: Data encrypted with the deleted key will become permanently inaccessble, including existing connections and jobs. Future data and platform features (e.g., creating connections, starting recipes) will become accessible.