- 23 Aug 2023
- 1 Minute to read
Airtable Enterprise Key Management
- Updated on 23 Aug 2023
- 1 Minute to read
Enterprise Key Management (EKM) allows admins on the Enterprise Scale plan control over the data their users store in Airtable while also giving visibility into how those users access data.
|Plan availability||Enterprise Scale only|
|Platform(s)||Web/Browser, Mac app, and Windows app|
Enterprise Key Management access and control
By default, we always encrypt data stored at rest using AES-256. EKM will now allow you to encrypt your organization’s applications using keys you own and manage through Amazon’s Key Management Service. You will also have visibility into the usage of those keys via AWS CloudWatch and CloudTrail.
By configuring different KMS policies, admins have the ability to manage and revoke key access on the application, workspace, and organization-level. For example, you can use EKM to revoke access to a specific application while allowing collaborators to continue using other applications uninterrupted.
Configuring Enterprise Key Management in Airtable
In order to use EKM, you must configure a customer managed key (CMK) in Amazon Web Services (AWS), which will be used across all your enterprise Airtable accounts. You will then create KMS policies that grant Airtable permission to use keys stored in your organization’s KMS to encrypt Airtable data (further details in our Implementation Guide).
After enabling EKM, all new applications will automatically be encrypted using your organization’s keys. Existing applications will need to go through a migration process.
Data encrypted by CMKs
The following data is encrypted with customer-controlled keys once EKM is enabled:
- In-base data (record contents, comments, etc.)
- Historical data (snapshots and record history)
- Change logs
Data encrypted with Airtable keys
The following data may continue to be encrypted with Airtable owned keys:
- Audit logs
- Application and interface metadata (names and descriptions)
- User and team metadata (usernames, group names)
- Data used for running the service (sanitized logs, etc.)
For questions or support in setting up Airtable EKM, please contact your Airtable account representative or CSM.