Slack Enterprise Key Management (EKM) implementation guide

Introduction

Welcome to Slack Enterprise Key Management (EKM). This document is designed to guide administrators like yourself through the enrollment, operation and revocation phases of Slack EKM. Additionally, you will be designated a Slack resource to support you during the enrollment phase.

Slack EKM uses AWS Key Management Services (KMS) and AWS CloudWatch/CloudTrail Logs to allow you to retain control over your encryption keys. As such, this guide will walk you through the setup of Slack EKM, AWS KMS and AWS CloudWatch/CloudTrail Logs.

For simplicity, we have broken up the guide into three primary phases:

1. Enrollment: Covers upfront configuration of your AWS account and the resources within it to support Slack EKM
2. Operation: Offers techniques for managing Slack EKM within your organization after initial enrollment
3. Revocation: Shares sample policy changes you may choose to invoke as your organization’s risk posture evolves

Download the full guide for detailed, step by step guidance.