Local key management

  • Genesys Cloud 2 or 3 license.
  • Recording > Encryptionkey > Edit and Recording > Encryptionkey > View assigned to the role of the user setting up the service or the application’s user.

By default, Genesys Cloud generates and stores the public/private key pair used by the recording encryption process. With local key management, your developers write a service that generates the key pairs and stores them on premises. Your organization is responsible for implementing this service and storing keys safely.  Local key management is useful if you must manage your own keys for compliance reasons.

We recommend that you only use local key management if you must do so for compliance reasons and you also understand the implications of managing your own keys.

  • When you use local key management, you possess the only copy of your private keys. If these keys are lost or destroyed, then the recordings that are encrypted with the lost keys are permanently encrypted and therefore unusable. If you use local key management, then ensure that you protect your private keys from theft or accidental destruction.
  • Do not use the Genesys Cloud interface to change keys after you implement local key management. If you do, you will return to using a cloud-managed key.
  • Using the local key management does not change Genesys Cloud’s ability to access and decrypt screen, call, and digital recordings for troubleshooting purposes.
Note: Local Key Management is valid for encrypting all screen recordings, call recordings, and digital recordings. It is not valid for any other type of data encryption.

To use local key management, create a key management service that Genesys Cloud can contact for the public keys that you generate. After you implement local key management, the service that you developed handles key management for you, and you no longer use the Genesys Cloud user interface for key management.

For example code and more information about how to create your own key management service, see https://github.com/MyPurecloud/local-key-manager