Bring Your Own Key (BYOK)

For security reasons, we encrypt the virtual hard disks of your Collibra Platform environment using an encryption key. By default, this key is provided by Collibra, but you can also use your own encryption key. By using your own key, you have full control over your data and can revoke access to that data at any time.

Collibra supports AWS Key Management Service (KMS) and GCP Key Manager.

Encryption is done at the virtual hard disk level, not the database level. All disks in the environment are encrypted, not only the data drives containing the Collibra repository.

Key requests happen only on specific lifecycle events: disk creation, VM startup, disk snapshot creation, and disk restores. When a VM starts, it requests a data encryption key from the KMS service. Once the VM is running, it can encrypt and decrypt all disk I/O without additional key requests.
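Because key requests occur only at those lifecycle events, a request against your key at any other time is worth reviewing. The following added example (not Collibra code) assumes an AWS KMS key whose usage is logged by AWS CloudTrail, which this page does not cover. The key ARN is a placeholder, and the log records, lifecycle timestamps and the pairing of API calls with lifecycle events are constructed for illustration.

```python
from datetime import datetime, timedelta

# Placeholder key ARNs; records below are constructed but use CloudTrail's field names.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
OTHER_ARN = "arn:aws:kms:us-east-1:111122223333:key/OTHER-KEY-ID"

def make_record(time, name, arn=KEY_ARN, source="kms.amazonaws.com", error=None):
    rec = {"eventTime": time, "eventName": name, "eventSource": source,
           "resources": [{"ARN": arn}]}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_RECORDS = [
    make_record("2024-05-01T08:00:05Z", "Decrypt"),                   # near a VM startup
    make_record("2024-05-01T14:30:00Z", "Decrypt"),                   # no known event
    make_record("2024-05-01T23:01:00Z", "GenerateDataKeyWithoutPlaintext"),
    make_record("2024-05-01T23:02:00Z", "Decrypt", arn=OTHER_ARN),    # different key
    make_record("2024-05-02T08:00:03Z", "Decrypt", error="AccessDenied"),
]

# Constructed lifecycle events, e.g. taken from your own change records.
LIFECYCLE = [("vm_startup", "2024-05-01T08:00:00Z"),
             ("snapshot_creation", "2024-05-01T23:00:00Z"),
             ("vm_startup", "2024-05-02T08:00:00Z")]

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def audit_key_requests(records, key_arn, lifecycle, slack=timedelta(minutes=10)):
    """Label each KMS call on key_arn as expected, unexplained or denied."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue
        if key_arn not in {r.get("ARN") for r in rec.get("resources") or []}:
            continue
        when = parse_ts(rec["eventTime"])
        event = next((n for n, t in lifecycle
                      if abs(when - parse_ts(t)) <= slack), None)
        if rec.get("errorCode"):
            status = "denied"        # the request was refused, e.g. after revocation
        elif event:
            status = "expected"      # falls within a known lifecycle event
        else:
            status = "unexplained"   # key request outside any lifecycle event
        findings.append((rec["eventTime"], rec["eventName"], status, event))
    return findings

if __name__ == "__main__":
    for row in audit_key_requests(SAMPLE_RECORDS, KEY_ARN, LIFECYCLE):
        print(*row)
```

Rows labelled `unexplained` are the ones to investigate; `denied` rows show where a revoked key blocked a lifecycle event.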