iManage Documentation
Product Guides
Users
iManage Work

iManage Work

Work Web at cloudimanage.com

Work Web

Work Next Generation Co-authoring

Work with Microsoft Office for the web Co-authoring

Work Desktop for Windows

Work Desktop for Mac

Drive for Windows

Drive for Mac

Desktop Clients Co-authoring

Work for Microsoft Teams at cloudimanage.com

Work for Microsoft Teams

Work for Google Workspace

Work Email Management for Gmail

Tracker

Work E-signature

iManage AI

iManage AI

Ask iManage

iManage Security Policy Manager

iManage Security Policy Manager

Security Policy Manager

iManage Extract

iManage Extract

Extract

iManage Insight+

iManage Insight+

Insight+

Insight+ Curation

Admins
iManage Work

iManage Work

Control Center at cloudimanage.com

Control Center

Work Desktop for Windows Installation

Work Desktop for Windows Customization

Work Desktop for Mac Installation

Drive for Windows Administration

Drive for Mac Administration

Work for Google Workspace Administration

Tracker Administration

Power Automate and iManage

Mobility for iOS Administration

Mobility for Intune Administration

Mobility for Ivanti Administration

Mobility for BlackBerry Administration

Work E-signature Administration

iManage AI

iManage AI

Ask iManage Administration

iManage Security Policy Manager

iManage Security Policy Manager

Security Policy Manager Administration

iManage Insight+

iManage Insight+

Insight+ Administration

Insight+ Curation Administration

Help Center
Training

Control Center

Azure Key Vault

Reading time: 3 Min

This topic refers to features available in your iManage Work environment if the Encryption Keys page (Settings > Encryption Keys) is visible in iManage Control Center.

To use the features referred to, users must have the global Key Management privilege to see the Encryption Key menu option.

Users must be NRTADMINs to activate or to manage keys.

The following topics are available:

Generating a customer supplied encryption key

Use this to create a customer supplied encryption key.

Create an RSA-2048 bit public/private customer supplied encryption key in your preferred tool, or follow the instructions below to create one with OpenSSL.

After the customer supplied encryption key is created, immediately escrow the key with a custodian, and share the key with other Azure administrators. This redundancy is crucial, in case the key is lost or accidentally deleted. If the encryption key is lost or destroyed, you will permanently lose all encrypted data on the iManage Work system.

To create a key pair with OpenSSL:

  1. Download and install an encryption key application, such as OpenSSL, on the client machine.

  2. Create a PEM file with the following command:
    openssl genrsa -aes256 -out private.pem 2048

  3. Enter a secret passphrase for the private key.

  4. Escrow the RSA private key with the escrow custodian.

  5. In addition to the escrowed copy, create a backup in a secure location, including the passwords.

  6. Make two copies of the private key and passwords, giving one copy to each of the two key holders.

Azure Information Worksheet

Use this worksheet to record values created during the key vault process. These values will be used later in the key ceremonies within iManage Control Center.

Worksheet: Azure information worksheet

Expand Table

Name

Value

Azure key vault DNS name

Example

https://ajubalaw.vault.azure.net/

Include the final backslash.

1

Actual

The Azure Key Version Key Identifier

Example

https://ajubalaw.vault.azure.net/keys/ajubalaw-1/da93550d9b344d04a212dd06b7e7f4dc

2

Actual

Application ID (also known as client ID)

Example

3fb0c700-536b-4700-9841-61e775400809

3

Actual

Client secret (also known as application password)

Example

xCGRvvvQmKfqwTw[@a@qovRN_Nn72K46

4

Actual

Adding the customer supplied encryption key to an Azure key vault

Use Microsoft Azure to create the key vaults. Follow their online instructions.

Make sure the following notes are incorporated into your steps and that the results look like the examples below.

  1. Create a key vault. Note the Azure key vault DNS name. For example: https://ajubalaw.vault.azure.net/ and includes the final backslash.
    Record the DNS Name in line 1 of the Azure Information Worksheet.

    Within that key vault, create a key resource. The only required settings are:
    * Include Wrap Key and Unwrap Key.
    * Do not use Set Activation date or Set Expiration date.
    Import the customer supplied encryption key that was created during the Generating a customer supplied encryption key step.
    This creates a Key Identifier. For example: https://ajubalaw.vault.azure.net/keys/ajubalaw-1/da93550d9b344d04a212dd06b7e7f4dc
    Record the Key Identifier in line 2 of the Azure Information Worksheet.

  2. Register the application.
    For example: 3fb0c700-536b-4700-9841-61e775400809
    Record the Application (client) ID in line 3 of the Azure Information Worksheet.

  3. Create an application secret, also called an application password.

    After the client secret is created, immediately record the value and also escrow it with a custodian. You cannot retrieve it after you leave that section.

    For example: xCGRvvvQmKfqwTw[@a@qovRN_Nn72K46
    Record the Client Secret in line 4 of the Azure Information Worksheet.

  4. Grant the application an access policy with the following permissions to the key vault: Wrap Key and Unwrap Key.



Need More Help?

Ask Community for Help
iManage Cloud Guides
Access all how-to guides for cloudimanage.com
Ask Community for Help
Ask Community for Help
Get answers from community experts
Contact Us
Contact Us
Tell us more and we’ll help you get there