Implementing Slack Enterprise Key Management

A complete walk-through of the Slack EKM set-up process and how to navigate the enrolment, operation and revocation phases


Welcome to Slack Enterprise Key Management (EKM). This document is designed to guide administrators such as yourself through the enrolment, operation and revocation phases of Slack EKM. Additionally, you will be designated a Slack resource to support you during the enrolment phase.

Slack EKM uses AWS Key Management Services (KMS) and AWS CloudWatch/CloudTrail logs to allow you to retain control over your encryption keys. As such, this guide will take you through the set-up of Slack EKM, AWS KMS and AWS CloudWatch/CloudTrail logs.




For simplicity, we have broken up the guide into three primary phases:

  1. Enrolment: Covers up-front configuration of your AWS account and the resources within it to support Slack EKM
  2. Operation: Offers techniques for managing Slack EKM within your organisation after initial enrolment
  3. Revocation: Gives sample policy changes you may choose to invoke as your organisation’s risk profile evolves

Download the full guide for detailed, step-by-step guidance.

Was this resource useful?


Nice one!

Thanks a lot for your feedback!

Got it!

Thanks for your feedback.

Whoops! We’re having some problems. Please try again later.