AWS KMS encryption settings for bring your own key

When a customer brings their own Key Encryption Key (KEK) from their AWS KMS, they must configure the following values in the Encryption settings page in the Verint Cloud portal Home page or main UI access point for all WFO applications..

Field name	Description
Authentication Type	This is a read-only field. Access key is the type.
Access Key ID	Enter the access key ID from the customer's AWS account.
Secret Access Key	Enter the secret access key that was Oauth application secret access key from the customer's AWS account. The secret access key is available only when it is created. If the secret access key is lost, in AWS KMS, delete the access key and create a new one. Then change the Secret Access Key here.
Region	Specify the Amazon Web Service (AWS) region that hosts the customer's environment.
Roles check box	If using an IAM role, select the Roles check box, and then complete the Role ARN and External ID fields. An IAM Role is an AWS option that securely grants permissions to various AWS services without having to share long-term One to five words that are meaningful to a specific type of business, or phrases that stand out in interactions in Speech and Text Analytics. security credentials like access keys.
Role ARN	If the Roles check box is selected, enter the Amazon Resource Name (ARN) for the customer's AWS IAM role.
External ID	If the Roles check box is selected, enter the External ID for the customer's AWS IAM role.
Key Encryption Key (KEK)	Enter the alias of the Key Encryption Key (KEK) found in the customer's AWS Console. You can enter the KEK Alias or the KEK Alias ARN. The format for a KEK Alias is alias/`NameOfthe customer'sKEKAlias`. The format for a KEK Alias ARN is aws:kms:`the customer'sAwsRegion`:`the customer'sAwsID`:alias/`NameOfthe customer'sKEKAlias`. For example: :aws:kms:us-east-1:089424204844:alias/MyAwsKEK.