Next Previous actions,activity,access logs,accessibility,add,add an app,add members,add to Slack,administrators,all passwords,analytics,Android,announcement,announcements,App Directory,app icon,Apple Watch,approving apps,archive,Asana,Atlassian,automation apps,badge,payment details,billing,Bitbucket,bot user,box,browse,calls,Calls:,cancel,changes,channels,channel instantly,channel management,channel notification,channel suggestions,claim domains,close,company culture,compliance exports,compose,computers,conversations,convert,connect,connected accounts,connection,connecting,copy messages,create,customisation,customise,custom SAML,custom,customer support teams,data exports,data security,deactivate,default channels,delete,deletion,deploy Slack,desktop,direct messages,directory,disable,discover and join,Discovery API,display name,DMs,do not disturb,domain,domains,downgrade,Dropbox,duplicate accounts,edit,editing,education,email address,email,emoji,emoticons,Enterprise Grid,enterprise mobility management,executives,export,failed payments,fair billing,FAQs,finding,format,formatting,framework for apps,free trials,general,getting started,GIPHY,GitHub integration,GitHub organisation,GitHub,glossary,Google Apps,Google Calendar,Google Drive,guests,highlights,HipChat,human resources,IFTTT,import,incoming webhooks,integrations,iOS,invite,IT teams,Jira,join,keep up,keyboard layout,keyboard shortcuts,Keychain Access,keyword notifications,language,languages,leave,link previews,loading,limits,links,Linux,Mac,manage a workspace,manage apps,manage members,marketing,mention,merge,message actions,messages are displayed,message display,Microsoft products,mobile,mobile push,move channels,moving workspaces,multiple,mute,name,names,noise,not-for-profit organisation,notify,OneDrive,onboard,owners,password,payment,payments,permissions,phones,pin,subscription,subscriptions,Plus subscription,polls,primary ownership,privacy policies,prioritise tasks,private,private channel,private notes and files,project management,public channel,purpose,Quick Switcher,quote,reactivate,read,recruitment,referrer information,reminder,remove,rename,retention,request a new workspace,role,roles,RSS,sales,Salesforce,SAML,SCIM,SCIM provisioning,screen reader,search,send,session duration,share messages,share,shared channel,shared channels,sidebar,sign in,sign out,sign-up mode,single sign-on,Slack Day,Slack for Teams,Slack notifications,save notes and files,service level agreements,ServiceNow,sign up,Slack status,Slackbot,slash commands,snippet,snooze,software developers,star,statistics,Stride,sync,tablets,tax,threads,time zone,tips,to-do lists,topic,triage channels,terms of service,Trello,troubleshoot,trouble receiving,tour,Twitter,two-factor authentication,unread messages,updates,upgrade,upload,username,user groups,URL,holiday,vendor and remittance,video,voice call,voice,what is,what’s important,whitelisting,Windows Phone,Windows,working in,workspace apps,workspace creation requests,workspace discovery,workspace settings,Wunderlist,your actions,Zapier,zoom,features,#general,file storage,posts,dark mode,theme,Workflow Builder,voice,video,screen sharing,workflows,Outlook Calendar,invited members,transfer ownership,whitelist,enterprise key management,transport layer security,strong customer authentication,CSV,text file,working hours, Search for “[term]” See [n]+ more results → Slack Enterprise Key Management
Slack Enterprise Key Management (EKM) is a security add-on for the Enterprise Grid and GovSlack subscription that you can use to control and get visibility into how your organisation’s data is accessed in Slack. What to expect
Use your own encryption keys (stored in Amazon's Key Management Service) to encrypt messages and files.
To minimise disruption for members of your organisation, you can revoke granular access to encryption keys.
Org members can use Slack as normal, even if some data has restricted access.
data residency for Slack, new EKM customers can choose to create and store encryption keys in a specific data region.
How Slack EKM works Data encrypted with customer-controlled keys
The following categories of customer data will be encrypted at rest with keys stored in the customer’s AWS account:
canvases and snippets
Files (e.g. images, docs,
clips, etc.) uploaded to the Slack Service Search index of customer data
Messages and files generated by apps or bots (except Slackbot)
Sidebar custom sections
Any data collected by an app deployed to Slack's managed infrastructure, as well as the app's datastores, developer secrets and logs
Data encrypted with Slack-controlled keys
The following categories of data may be encrypted at rest with keys generated and stored by Slack:
Slack member profiles, including custom statuses
Channel names, topics, descriptions and bookmarks
Workspace and channel membership information
Data used to measure seat count, usage and revenue
Data used for analytics and to measure quality of service, e.g. sanitised logs
IDs generated by Slack on behalf of the customer
Note: When you enrol in EKM, any existing data will be encrypted with customer-controlled keys.
If external organisations are working together in
Slack Connect, the shared contents are covered by EKM in the following ways:
Each organisation’s messages will be encrypted with their EKM keys, if applicable.
The search index for Slack Connect channels with be duplicated and encrypted with each customer’s EKM keys.
If an organisation is removed from a Slack Connect channel, they'll retain an archived copy if they have
permission to post, invite and more.
Ready to learn more? Contact our Sales team to get started.
Who can use this feature?
Org owners and org admins
Available for the
Enterprise Grid subscription