Customer Managed Keys

Product Specifics / SAP BTP Services

Customer managed keys (CMK) enable customers to protect data at rest using encryption keys. Data can refer to data used by the service or application. This feature has the following advantages:

• Manage all of their encryption keys within a secure, SAP-provided tenant.
• Utilize encryption keys to protect their SAP data from unauthorized access or misuse.
• Retain full control over their encryption keys using one of three key scenarios: SAP Provided Keystore, Bring Your Own Key (BYOK), and Hold Your Own Key (HYOK).
• Implement workflow approvals to secure their keys.
• Restrict user operations in their tenant with role-based access control.
• Meet global and local data regulations.

This feature is also known under the names crown jewels (#2 - Data Encryption Management).

Always use the term customer managed keys.

Text for Feature Scope Description and Discovery Center

SAP provides customer managed keys through SAP Data Custodian Key Management Service. This service is undergoing a functionality change and is not general availability (GA) for all SAP BTP services.

Do not provide information for customer managed keys in the Feature Scope Description. If your service currently has a section for customer managed keys, additional information will be provided for how to manage the existing text.