Setting Up Wrike Lock
Enterprise and Wrike for Marketers Enterprise accounts can purchase Wrike Lock as an add-on.
By default, your Wrike workspace data and attachments are protected by foundational encryption; however, Wrike Lock provides an additional layer of encryption. It encrypts the keys to your encrypted Wrike data with a master encryption key that's stored with Amazon Web Services’ Key Management Service (AWS KMS), allowing you to take control of access to your data. You own and manage your master encryption key, and it resides outside of Wrike.
Step 1: Grant Wrike access to the key in Amazon KMS
Step 2: Generate emergency recovery keys (optional)
> openssl genrsa -aes256 -out wrike-recovery.pem 2048.
> openssl rsa -in wrike-recovery.pem -pubout -outform DER | base64 >wrike-recovery.der
Securely store the emergency recovery key somewhere safe. You can use HSM to store the key. Your private key will never be available to Wrike.
Copy the public key in DER format and save it somewhere.
Step 3: Encrypt your Wrike data
Submit a request to support team and let us know that you want to enable encryption for your account. Provide:
The key’s ARN you obtained in Step 1.
The public emergency recovery key in DER format (if you generated emergency recovery keys in Step 2).
Our Support team will provide you with a Wrike AWS account ID. Grant that account ID access to the key.
We'll help you choose the best time for the encryption to take place and encrypt your account data.
If you wish to further configure your Wrike lock policies please refer to these instructions.
If your master encryption key is lost or isn't accessible, submit a request to Wrike Support.