Setting Up Wrike Lock

Overview

Enterprise Standard and Enterprise Pinnacle accounts can purchase Wrike Lock as an add-on.

By default, your Wrike workspace data and attachments are protected by foundational encryption; however, Wrike Lock provides an additional layer of encryption. It encrypts the keys to your encrypted Wrike data with a master encryption key that's stored with Amazon Web Services’ Key Management Service (AWS KMS), allowing you to take control of access to your data. You own and manage your master encryption key, and it resides outside of Wrike.

Set up Wrike Lock with AWS KMS

Step 1: Grant Wrike access to the key in Amazon KMS

  1. Create an encryption key in one of the following regions. The key must be symmetric:

    • us-east-1

    • us-east-2

    • us-west-1

    • us-west-2

    • eu-west-1

    • eu-central-1

    • eu-west-2

    • eu-west-3

  2. Copy the key’s Amazon Resource Name and save it somewhere.

Step 2: Generate emergency recovery keys

To generate an emergency recovery key for Wrike Lock, follow this manual.

Wrike Support will validate the recovery key before enabling the encryption to ensure that it can be used for emergency recovery.

Step 3: Encrypt your Wrike data

  1. Submit a request to the support team and let us know that you want to enable encryption for your account. Provide:

    • The key’s ARN you obtained in Step 1.

    • The public emergency recovery key in DER format.

  2. Our Support team will provide you with a Wrike AWS account ID. Grant that account ID access to the key.

  3. We'll help you choose the best time for the encryption to take place and encrypt your account data.
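
A pre-flight check for the values exchanged in Steps 1 and 3, as an added example (not Wrike's or AWS's code): it verifies that a key ARN is in one of the regions listed above and flags a key policy that grants the external account more than key-use actions. The account IDs are constructed placeholders, and the allowed action set is AWS's standard key-user statement, an assumption, since this page does not list the actions Wrike needs.

```python
import json

# Regions listed in Step 1 of this page.
SUPPORTED_REGIONS = {"us-east-1", "us-east-2", "us-west-1", "us-west-2",
                     "eu-west-1", "eu-central-1", "eu-west-2", "eu-west-3"}
# Assumption: AWS's standard "key user" action set; the page does not list
# the actions Wrike requires, so confirm the exact set with Wrike Support.
KEY_USE_ACTIONS = {"kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                   "kms:GenerateDataKey*", "kms:DescribeKey"}

def check_key_arn(arn):
    """Return a list of problems with a KMS key ARN (empty list = OK)."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "kms":
        return ["not a KMS ARN"]
    problems = []
    if parts[3] not in SUPPORTED_REGIONS:
        problems.append(f"region {parts[3]} is not in this page's region list")
    if not parts[5].startswith("key/"):
        problems.append("resource is not key/<id>; the page asks for the key's ARN")
    return problems

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_grant(policy_json, external_account_id):
    """Flag Allow statements that give the external account more than key use."""
    findings = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", []) if isinstance(principal, dict) else principal)
        sid = stmt.get("Sid", "<no Sid>")
        if "*" in aws:
            findings.append(f"{sid}: wildcard principal")
        if any(external_account_id in p for p in aws):
            extra = set(_as_list(stmt.get("Action", []))) - KEY_USE_ACTIONS
            if extra:
                findings.append(f"{sid}: extra actions {sorted(extra)}")
    return findings

# Constructed sample: 444455556666 stands in for the account ID Wrike Support provides.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "WrikeUse", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Action": ["kms:Decrypt", "kms:GenerateDataKey*", "kms:PutKeyPolicy"], "Resource": "*"}]})

if __name__ == "__main__":
    print(check_key_arn("arn:aws:kms:ap-south-1:111122223333:key/constructed-id"))
    print(audit_grant(SAMPLE_POLICY, "444455556666"))
```
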

Note

If you wish to further configure your Wrike Lock policies, please refer to these instructions.

Set up Wrike Lock with Microsoft Azure key vault

Step 1: Add Wrike Azure application

  1. Open the Microsoft Azure portal.

  2. Click the search box, type Microsoft Entra ID, and select it.

  3. Locate and copy the Tenant ID from the overview page.

  4. Replace the TENANT_ID in this URL with your copied tenant ID: https://login.microsoftonline.com/TENANT_ID/adminconsent?client_id=383bee02-4471-4401-87c6-97a9cd8c7e36. Then, press Enter.

  5. You'll be taken to the Microsoft login page. Choose the account you use to manage your organization and click Accept.

  6. You'll be redirected to wrike.com. You can close the page now.

Step 2: Create a new Azure Key Vault

  1. Go to the Microsoft Azure key vault portal and log in to your admin account.

    Note

    • Ensure you have the Owner role for the subscription plan.

    • Make sure you hold the Global reader role in Microsoft Entra ID.

  2. Navigate to Create a resource and select Key Vault.

  3. Fill in the necessary fields to create a key vault:

    • Select the resource group as wrike-lock testing.

    • Choose a unique key vault name.

    • Leave everything else at the default.

    • Click Next.

    • Select Azure RBAC as recommended under Access configuration.

    • Set access to All networks under Networking.

    • Navigate to Review + Create and validate the details you’ve entered.

    • Click Create to finalize the set-up.

Step 3: Assign yourself the administrator role on the created key vault

  1. Open your newly created key vault.

  2. Navigate to Access Control (IAM) in the left-hand navigation panel.

  3. Click on + Add and select Add Role assignment.

  4. Click on the Search tab and select the Key Vault Administrator role.

  5. Navigate to the Members tab and click + Select members to add yourself as a member to the selected role.

  6. Click Review and Assign.

Step 4: Generate a key

  1. Navigate to Objects in the left-hand navigation panel of the created key vault and select Keys.

  2. Click on + Generate/Import to create a new key.

  3. In the window that opens, create a random key name, set the parameters as you like or keep the defaults, and click Create.

Step 5: Grant permissions to Wrike app

  1. Go to the left-hand navigation panel of the Key Vault and select Access control (IAM).

  2. Click on + Add and select Add Role assignment.

  3. Click on the Search tab and select the Key Vault Crypto User role.

  4. Navigate to the Members tab and click + Select members.

  5. Using the Search bar, select the Wrike application.

    • For staging, select wrike-kms-admin-user.

    • For production, select wrike-lock-app-account.

  6. Click Review and Assign.

The application is now assigned the selected role on the key vault you created.

Step 6: Generate emergency recovery keys

To generate an emergency recovery key for Wrike Lock, follow this manual.

Wrike Support will validate the recovery key before enabling the encryption to ensure that it can be used for emergency recovery.

Step 7: Encrypt your Wrike data

  1. Submit a request to the support team and let us know that you want to enable encryption for your account. Provide:

    • Key Vault URL ID

    • Key ID

    • Key name

    • The public emergency recovery key in DER format.

  2. Our Support team will help you choose the best time for the encryption to take place and encrypt your account data.

Emergency recovery

If your master encryption key is lost or isn't accessible, submit a request to Wrike Support.
