Box KeySafe

Securely manage your own encryption keys

box keysafe

Global leaders stay in control with Box KeySafe

societe generale
Morgan Stanley

Get complete control of your data privacy

With Box KeySafe, you have complete, independent control over your encryption keys. All key usage is unchangeable and includes a detailed record of key usage, so you can track exactly why your organization’s keys are being accessed — with no impact on user experience. If you ever see suspicious activity, your security team can cut off access to the content at any time. And it's all on top of the enterprise-grade security and compliance you get with the leading Content Cloud.

How Box KeySafe works with AWS and GCP Key Management Services

We leverage Key Management Services (KMS) from Amazon Web Services (AWS) and Google Cloud Platform (GCP) to help you manage your encryption keys. Box KeySafe supports AWS KMS Custom Key Store and GCP Cloud HSM KMS to provide the control and protection of a dedicated hardware security module (HSM), without requiring you to manage any hardware. You can use AWS/GCP to store encryption keys in private dedicated CloudHSMs while using the KMS interface to generate and control access to the keys.

Government agencies leverage Box KeySafe with AWS GovCloud

As government agencies move highly sensitive workloads into the cloud, Box KeySafe with AWS GovCloud ensures compliance with ITAR/EAR and IRS-1075 requirements. Box KeySafe leverages AWS KMS in the AWS GovCloud region — giving agencies and organizations that work with the U.S. government independent control over their content encryption keys.

Encryption key management in three easy steps

file encrypted key
File encrypted with Box KeySafe key

There's no impact on the usability, mobility, security or governance provided by Box.

aws encrypted key
Box KeySafe key encrypted with your AWS/GCP KMS custom key

Box can never see or access your encryption keys, so you're always in control of your content.

audit logs
Audit logs updated

You are the legal custodian of your keys that encrypt, decrypt, and re-encrypt data.

Box KeySafe works across all industries

financial services
Financial services

Hold your own encryption keys for digital vaults to enhance security posture to clients.


Gain independent control over encryption keys for content that has citizen-only and ITAR requirements.

life sciences
Life sciences

Collaborate on research with statisticians while securely sharing regulated datasets with sponsors and CROs.

professional services
Professional services

Protect client data with controls that prevent and turn off access to documents.

Gain more control and mitigate risk by giving clients a kill switch for their critical data.
Media and entertainment
Media & entertainment
Stay in control of sensitive IP as it's shared across partners and contractors.

Key features

Fast deployment

IT teams of any size can deploy KeySafe within a few days.


Affordable for customers of all sizes, unlike other encryption services for cloud content.

Log correlations

Get complete visibility with reason codes that correlate to Box events and identify why keys are being used.

Availability and durability

Customer keys are housed by AWS/GCP in systems that are designed with 99.99999999% durability and deployed in multiple availability zones within a region.

Key rotation support

Box works with customers to rotate their Box KeySafe keys and ensures that all Box content is re-encrypted against the new key.

Key security

Box never sees or accesses customer managed encryption keys, and no keys are held in memory.

Check out Enterprise Plus

Enterprise Plus gives you the best of the Content Cloud in one simple plan. We’ve included our most-valued products and services to help you power secure enterprise workflow automation across your organization. And it saves you up to 35%.

Learn more about protecting your data with Box KeySafe

streamline mission critical
Streamline mission-critical services in the cloud

Discover how government agencies secure data across teams inside and outside the perimeter. 

Download ebook
digital workspace
Building a secure, best-in-class digital workspace

See how Intuit partners with Box to keep its workforce secure in the flow of innovation.

Read customer story
customer owned encryption
Simplify customer-owned encryption

Experience the benefits of a dedicated key store and a simplified way to manage keys.

Read blog

Ready to get started?