All articles

Setting Up Wrike Lock


Enterprise Standard and Enterprise Pinnacle accounts can purchase Wrike Lock as an add-on.

By default, your Wrike workspace data and attachments are protected by foundational encryption; however, Wrike Lock provides an additional layer of encryption. It encrypts the keys to your encrypted Wrike data with a master encryption key that's stored with Amazon Web Services’ Key Management Service (AWS KMS), allowing you to take control of access to your data. You own and manage your master encryption key, and it resides outside of Wrike.

Set up Wrike Lock with AWS KMS

Step 1: Grant Wrike access to the key in Amazon KMS

  1. Create an encryption key in one of the following regions, this key must be symmetric:

    • us-east-1

    • us-east-2

    • us-west-1

    • us-west-2

    • eu-west-1

    • eu-central-1

    • eu-west-2

    • eu-west-3

  2. Copy the key’s Amazon Resource Name and save it somewhere.

Step 2: Generate emergency recovery keys (optional)

To generate an emergency recovery key for Wrike Lock, follow this manual.

Wrike Support will validate the recovery key before enabling the encryption to ensure that it can be used for emergency recovery.

Step 3: Encrypt your Wrike data

  1. Submit a request to the support team and let us know that you want to enable encryption for your account. Provide:

    • The key’s ARN you obtained in Step 1.

    • The public emergency recovery key in DER format (if you generated emergency recovery keys in Step 2).

  2. Our Support team will provide you with a Wrike AWS account ID. Grant that account ID access to the key.

  3. We'll help you choose the best time for the encryption to take place and encrypt your account data.


If you wish to further configure your Wrike lock policies please refer to these instructions.

Emergency recovery

If your master encryption key is lost or isn't accessible, submit a request to Wrike Support.

What's Next?