AWS KMS provides API methods, namely Encrypt / Decrypt, which can be used to secure all files uploaded to iDeals VDR. To implement this security option, you should configure the AWS KMS and iDeals VDR by following the steps below.

Note: To enable Encryption at rest functionality, please contact the Customer Support team (if included in your subscription with iDeals).

1. Create a new user in AWS

The new user is needed for authentication of API calls from iDeals VDR to AWS KMS.

2. Create a new encryption key in AWS.

The encryption key is required by AWS KMS API methods Encrypt / Decrypt.

You may find the detailed instructions for the steps above by following the links.

3. Apply the customer-managed key in the interface.

Make the following parameters ready from the AWS console:

  • user "Access Key ID";

  • user "Secret Access Key";

  • encryption key "ARN".

In all new projects, the customer-managed encryption keys setting is deactivated by default. To activate it and apply the created key:

  • Go to the Encryption at rest settings under the Settings menu in the top-right corner;

  • Click Edit;

  • Choose the Activated option in the drop-down menu;

  • Fill in the parameters saved from the previous step: Access Key ID, Secret Access Key, Encryption Key ARN in the corresponding fields;

  • Click Apply.

Note: These settings available for users with a full administrator role.

All data is encrypted in transfer and at rest with a default key.

After the customer-managed encryption keys setting activation, all the documents uploaded to the project will be encrypted with the applied key.

All management actions with the encryption keys can be tracked in the All actions report. 


To disable access to the encrypted data, go to the AWS console and Disable the target key from the Key actions menu:

Note: Access to all documents encrypted with this key will be lost. To restore access to the documents, please enable the key in the AWS console.

Please contact the iDeals Customer Support team in case of any issues with CMEK protection.

Did this answer your question?