Connect to key service for client-side encryption (beta)

Supported editions for this feature: Enterprise; Education Plus.  Compare your edition

After you set up your external key service, you need to connect Google Workspace to the service.

Connect Google Workspace to your external key service

Before you begin: Make sure you have the URL for your external key service, and check that the URL is accessible from the internet. For details, go to Set up your key service for client-side encryption.

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. Go to Securityand thenClient-side encryption.
  3. Click the External key service card to open it.
  4. Click Add external key service.
  5. Enter a name for your key service.

    This name appears in some messages to users if Google Workspace can't access your external key service, so they'll know the problem is with the encryption service and not Drive.

  6. Enter the URL that your key service provided to you.
  7. To make sure Google Workspace can communicate with the external key service, click Test connection.
  8. To close the card, click Continue.

If you change your key service settings...

If necessary, you can change the URL for your current key service and continue to access any files encrypted using that service. 

If you switch to another external key service: All files encrypted with your previous service can't be decrypted, and users can't access their content. 

Next steps...

Before your users can use CSE to encrypt Drive files, you need to connect Google Workspace to your identity provider (IdP) for client-side encryption.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
73010
false