How to obtain your own encryption keys

Lucid Key Management Service (KMS) gives you the ability to manage the encryption keys that protect your data, adding a powerful layer of security and control.

1 minute read

Introduction to Key Management Service (KMS)

As part of Enterprise Shield, customers can enable Lucid Key Management Service (KMS) to obtain their own encryption keys for an additional layer of security that does not impact the user experience.

We strongly recommend enabling KMS on your account to strengthen your security posture. To get started, please contact Lucid support.

How it works

Lucid KMS uses envelope encryption. First, your data is encrypted with a Data Encryption Key (DEK), which is then encrypted with your own Key Encryption Key (KEK), securely managed in AWS KMS. Lucid employees never have access to your KEK or your decrypted DEK.

To learn more about this service, see the KMS whitepaper.

Note: These guides are here to help you get the most out of Enterprise Shield, but are not intended to address all scenarios or compliance requirements. You’re in the best position to decide how to configure your settings to ensure they meet your specific security and privacy needs.

Collaborate more securely with Enterprise Shield

Want to make a Diagram of your own? Try Lucidchart. It's quick, easy, and completely free.

Sign up free

Solutions

  • Digital transformation
  • Cloud migration
  • New product development
  • Efficiency through AI
  • View more

Company

  • About us
  • Newsroom
  • Careers
  • Contact us
  • Customer stories
  • Accessibility

Get Started

Products

Resources

PrivacyLegalCookie privacy choicesCookie policy
  • linkedin
  • twitter
  • instagram
  • facebook
  • youtube
  • glassdoor
  • tiktok

© 2025 Lucid Software Inc.