- Overview
- Building models
- Consuming models
- ML packages
- 1040 - ML package
- 1040 Schedule C - ML package
- 1040 Schedule D - ML package
- 1040 Schedule E - ML package
- 1040x - ML package
- 3949a - ML package
- 4506T - ML package
- 709 - ML package
- 9465 - ML package
- ACORD125 - ML package
- ACORD126 - ML package
- ACORD131 - ML package
- ACORD140 - ML package
- ACORD25 - ML package
- Bank Statements - ML package
- Bills Of Lading - ML package
- Certificate of Incorporation - ML package
- Certificate of Origin - ML package
- Checks - ML package
- Children Product Certificate - ML package
- CMS 1500 - ML package
- EU Declaration of Conformity - ML package
- Financial Statements - ML package
- FM1003 - ML package
- I9 - ML package
- ID Cards - ML package
- Invoices - ML package
- Invoices Australia - ML package
- Invoices China - ML package
- Invoices Hebrew - ML package
- Invoices India - ML package
- Invoices Japan - ML package
- Invoices Shipping - ML package
- Packing Lists - ML package
- Payslips - ML package
- Passports - ML package
- Purchase Orders - ML package
- Receipts - ML Package
- Remittance Advices - ML package
- UB04 - ML package
- Utility Bills - ML package
- Vehicle Titles - ML package
- W2 - ML package
- W9 - ML package
- Public endpoints
- Supported languages
- Data and security
- Customer-Managed Keys
- Legal information
- Licensing and Charging Logic
- How to
Document Understanding User Guide
Customer-Managed Keys
Customer-Managed Keys (CMKs) meld security control with operational flexibility, a dedicated architecture if you want complete authority over your encryption keys. If you have full ownership of these keys, CMKs defend data contained in Software as a Service (SaaS) applications without compromising utility or convenience.
CMKs are designed around two primary needs. The first is to provide tenant-level encryption. This means you decide which of your stored data to encrypt, be it all or just parts of it.
The second is key management sovereignty. The master encryption key is yours to control, along with any additional decryption keys. Monitoring key access, how they're used, even the ability to revoke them at any point, are all under your command.
The CMK architecture builds a secure barrier between client data and tenant service. By granting you control over key access and usage, your data remains shielded even if a breach of service is encountered. Simply revoke your keys, and any associated data artifacts are immediately inaccessible.
CMKs can also be a solution to adherence to complex, compliance-driven key management policies. Regular change in keys is key in information security. CMKs let you manage your rotation policies. This service also allows you to closely monitor your keys, making sure you're aware of any unsanctioned uses or attempts right when they happen.
Tailored to keep your data secure, our CMKs provide you with full control of the encryption keys that protect your stored data. This page helps you enable CMKs in your tenant.
- You must have an account on the Advanced tier of our platform. For mor information, check the About Licensing page from the Automation CloudTM Public Sector Admin Guide.
- You must specify your requirement for CMKs for Document UnderstandingTM.
- Your keys must be configured and stored in Azure KeyVault.
Follow these instructions to enable CMKs in your tenant:
- Submit a support ticket via the UiPath® support channels with the request for Customer Managed Keys for Document Understanding. Make sure to add the tenant ID for the tenant you want encrypted with the CMK feature.
- After submitting the request, our Product Support team will enable CMKs on your tenant and update you through your request.
- Once enabled, you will be able to manage your key in the Encryption section found under Security Settings in your admin panel.
- Customer data: All your data will be encrypted at both hardware and application layers. Existing data on that tenant is still accessible, but will be encrypted using only the UiPath key.
- Data decryption: The decryption process will require UiPath support, ensuring your data remains secure. Even UiPath engineers, including those in Product Support, will not have access to this data.
- Feature limitation: CMK activation will bring changes to some Document Understanding features. Full-text search will be disabled in Document Manager for Build and Monitor, and images won't be saved by the Metering service.