Skip to content

Commit

Permalink
adding CMEK info
Browse files Browse the repository at this point in the history
  • Loading branch information
@fiquick
fiquick committed Mar 11, 2024
1 parent 4133b46 commit e4fa188
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions modules/ROOT/pages/platform/security.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -262,15 +262,16 @@ label:AuraDB-Enterprise[]

Use keys from the AWS Key Management Service (KMS) to encrypt a database.

[CAUTION]
[WARNING]
====
Deleting a key makes all data encrypted under that key unrecoverable.
Neo4j cannot administer instances when keys are disabled, deleted or permissions revoked.
====

* Create a single-region key in the AWS KMS console ensuring the region matches your Neo4j instance.
* Within the Neo4j Aura Console, navigate to the security settings and create a customer managed key.
* Edit the AWS key policy. Refer to the example key policy structure for guidance on formatting.
* Create a single-region key in the AWS console ensuring the region matches your Neo4j instance.
* Go to security settings in the Aura Console, create a customer managed key and copy the generated JSON code.
* Within the AWS console, edit the key policy to include the JSON code.
Refer to the example key policy structure for guidance on formatting.

==== Key policy structure

Expand Down

0 comments on commit e4fa188

Please sign in to comment.