All articles

Setting Up Wrike Lock

Overview

Enterprise and Wrike for Marketers Enterprise accounts can purchase Wrike Lock as an add-on.

By default, your Wrike workspace data and attachments are protected by foundational encryption; however, Wrike Lock provides an additional layer of encryption. It encrypts the keys to your encrypted Wrike data with a master encryption key that's stored with Amazon Web Services’ Key Management Service (AWS KMS), allowing you to take control of access to your data. You own and manage your master encryption key, and it resides outside of Wrike.

Set up Wrike Lock with AWS KMS

Step 1: Grant Wrike access to the key in Amazon KMS

  1. Create an encryption key in one of the following regions:

    • us-east-1

    • us-east-2

    • us-west-1

    • us-west-2

    • eu-west-1

    • eu-central-1

    • eu-west-2

    • eu-west-3

  2. Copy the key’s Amazon Resource Name and save it somewhere.

Step 2: Generate emergency recovery keys (optional)

  1. Generate an asymmetric RSA key pair and export the public key in DER format encoded with Base64. The recommended key length is 2048 bit or higher. Sample commands (Linux/Unix/Mac OS) include:

    • > openssl genrsa -aes256 -out wrike-recovery.pem 2048.

    • > openssl rsa -in wrike-recovery.pem -pubout -outform DER | base64 >wrike-recovery.der

  2. Securely store the emergency recovery key somewhere safe. You can use HSM to store the key. Your private key will never be available to Wrike.

  3. Copy the public key in DER format and save it somewhere.

Step 3: Encrypt your Wrike data

  1. Submit a request to support team and let us know that you want to enable encryption for your account. Provide:

    • The key’s ARN you obtained in Step 1.

    • The public emergency recovery key in DER format (if you generated emergency recovery keys in Step 2).

  2. Our Support team will provide you with a Wrike AWS account ID. Grant that account ID access to the key.

  3. We'll help you choose the best time for the encryption to take place and encrypt your account data.

Note

If you wish to further configure your Wrike lock policies please refer to these instructions.

Emergency recovery

If your master encryption key is lost or isn't accessible, submit a request to Wrike Support.

What's Next?

Top