KeySafe must be configured initially by Box Support and the Amazon Web Services (AWS) requirements for KeySafe must be met before you can enable KeySafe with Amazon Web Services.
- Go to Admin Console > Enterprise Settings.
- Select the Security tab.
- In the KeySafe section, click Enable.
- Enter your AWS Account ID and Key ID.
- Select Enable.
- Select Save.
Multi-region AWS KMS
To enable multi-region AWS KMS:
- Provide your multi-region AWS KMS to Box.
- Give permission in AWS for Box to use your backup and primary keys.
- Box automatically detects the primary and backup keys.
- If there is a temporary outage in one of the KMS locations, Box KeySafe automatically switches to using one of the other locations to ensure seamless Box use.
- If your primary AWS KMS location is inoperable, Box continues to operate using your backup locations, so data remains accessible.
- Box automatically uses the nearest KMS location to ensure the lowest possible latency to decrypt content.
Optimize zone based on location
Provision your primary key in the AWS region that is closest to your default Box Zone. You can create replica keys in the AWS regions nearest to the Box Zones where your users are located, so they are ready when Box support for multi-region KeySafe is available. Our recommendation for the AWS KMS region is based on minimizing latency between Box’s infrastructure and the KMS location, as lower latency directly contributes to a better experience:

| Default Zones Location | Recommended AWS KMS Region |
|---|---|
| Australia | ap-southeast-2 |
| Canada | us-west-2 |
| France | eu-central-1 |
| Germany | eu-central-1 |
| Japan | ap-northeast-1 |
| United States | us-west-2 |
| UK | eu-west-2 |
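
A pre-flight check for the key set described above, as an added example that is not part of the Box documentation: it parses the KMS key ARNs you plan to use, confirms the replicas belong to the same multi-Region key, compares the primary's region with the table, and returns the Account ID and Key ID to enter in the Admin Console. The ARNs are constructed samples in the standard `aws` partition, the function names are hypothetical, and region names use AWS's identifier spelling (`us-west-2`).

```python
import re

# Recommended primary-key region per default Box Zone, taken from the table
# above (region names in AWS's identifier spelling).
RECOMMENDED_REGION = {
    "Australia": "ap-southeast-2", "Canada": "us-west-2",
    "France": "eu-central-1", "Germany": "eu-central-1",
    "Japan": "ap-northeast-1", "United States": "us-west-2",
    "UK": "eu-west-2",
}
# arn:aws:kms:<region>:<12-digit account>:key/<key id>
ARN_RE = re.compile(r"^arn:aws:kms:([a-z0-9-]+):(\d{12}):key/([A-Za-z0-9-]+)$")

def parse_key_arn(arn):
    """Split a KMS key ARN into (region, account_id, key_id)."""
    m = ARN_RE.match(arn.strip())
    if not m:
        raise ValueError(f"not a KMS key ARN: {arn!r}")
    return m.groups()

def preflight(default_zone, primary_arn, replica_arns=()):
    """Return (account_id, key_id, problems) for a planned KeySafe key set."""
    problems = []
    region, account, key_id = parse_key_arn(primary_arn)
    want = RECOMMENDED_REGION.get(default_zone)
    if want is None:
        problems.append(f"no recommendation for zone {default_zone!r}")
    elif region != want:
        problems.append(f"primary is in {region}, recommended {want}")
    # AWS multi-Region key IDs start with "mrk-"; other keys cannot be replicated.
    if replica_arns and not key_id.startswith("mrk-"):
        problems.append("primary is not a multi-Region key (no mrk- prefix)")
    seen = {region}
    for arn in replica_arns:
        r_region, r_account, r_key = parse_key_arn(arn)
        # Replicas of one multi-Region key share its account and key ID.
        if (r_account, r_key) != (account, key_id):
            problems.append(f"{arn} is not a replica of {key_id}")
        if r_region in seen:
            problems.append(f"duplicate region {r_region}")
        seen.add(r_region)
    return account, key_id, problems

# Constructed sample ARNs (not real keys).
PRIMARY = "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab"
REPLICA = "arn:aws:kms:eu-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab"
```

An empty `problems` list from `preflight("United States", PRIMARY, [REPLICA])` means the first two returned values are the Account ID and Key ID for the enable form.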