Local key management

  • PureCloud 2 or 3 license.
  • Recording > Encryptionkey > Edit and Recording > Encryptionkey > View assigned to the role of the user setting up the service or the application’s user.

By default, PureCloud generates and stores the public/private key pair used by the recording encryption process. With local key management, your developers write a service that generates the key pairs and stores them on premises. Your organization is responsible for implementing this service and storing keys safely. Local key management is useful if you must manage your own keys for compliance reasons.

We recommend that you only use local key management if you must do so for compliance reasons and you also understand the implications of managing your own keys.

  • When you use local key management, you possess the only copy of your private keys. If these keys are lost or destroyed, then the recordings that are encrypted with the lost keys are permanently encrypted and therefore unusable. If you use local key management, then ensure that you protect your private keys from theft or accidental destruction.
  • Do not use the PureCloud interface to change keys after you implement local key management. If you do, you will return to using a cloud-managed key.

To use local key management, create a key management service that PureCloud can contact for the public keys that you generate. After you implement local key management, the service that you developed handles key management for you, and you no longer use the PureCloud user interface for key management.

For example code and more information about how to create your own key management service, see https://github.com/MyPureCloud/local-key-manager.
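
The following is an added example, not code from PureCloud or from the local-key-manager project. It shows two safeguards that the warnings above imply for an on-premises key store: never overwrite an existing private key, and check that a stored or backed-up private key still matches the public key that was handed out. The RSA algorithm, the PKCS#1 PEM encoding, the key size, and the names `CreateKeyPair` and `KeyFileMatches` are assumptions; the page does not state the format PureCloud expects.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"
)

// publicPEM encodes the public half, the only part handed out. RSA and PKCS#1 PEM are assumptions.
func publicPEM(pub *rsa.PublicKey) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: x509.MarshalPKCS1PublicKey(pub)})
}

// CreateKeyPair stores a new private key at privPath (owner-only, O_EXCL so an
// existing key is never overwritten) and returns the public key PEM.
func CreateKeyPair(privPath string, bits int) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	blk := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}
	f, err := os.OpenFile(privPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return publicPEM(&key.PublicKey), pem.Encode(f, blk)
}

// KeyFileMatches reports whether a stored or backed-up private key belongs to pubPEM.
func KeyFileMatches(privPath string, pubPEM []byte) bool {
	raw, _ := os.ReadFile(privPath)
	blk, _ := pem.Decode(raw) // nil when the file is missing, empty or not PEM
	if blk == nil {
		return false
	}
	key, err := x509.ParsePKCS1PrivateKey(blk.Bytes)
	return err == nil && bytes.Equal(publicPEM(&key.PublicKey), pubPEM)
}

func main() {
	dir, _ := os.MkdirTemp("", "lkm-demo") // constructed demo location
	defer os.RemoveAll(dir)
	pub, err := CreateKeyPair(filepath.Join(dir, "key.pem"), 3072)
	fmt.Println("created:", err == nil, "matches:", KeyFileMatches(filepath.Join(dir, "key.pem"), pub))
}
```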