New Security Feature in Neo4j Aura: Customer Managed Keys

New Security Feature in Neo4j Aura: Customer Managed Keys

Organizations of all sizes continually strive to improve data security, with enterprises often leading the way. At Neo4j, we take enterprise security seriously, which is why we’ve just released Customer Managed Keys (CMKs) for Neo4j Aura, our fully managed graph database as a service.

CMKs allow organizations to encrypt their Neo4j-managed graph databases with their own cloud-based keys, giving AuraDB and AuraDS Enterprise users an increased level of autonomy for security-focused operations.

Protect Data in Aura With Your Own Key

How do CMKs work in Aura? Let’s say you manage your cloud-based keys on AWS KMS. Now you can provide Aura with the Amazon Resource Name (ARN) of the key in the configuration panel without giving that information to any support personnel. We will recognize that as your Customer Managed Key, which will be used to encrypt data on Aura instances. Only you have control over your keys — including key policies, key rotation frequency, and key versions.

With CMKs, you can define access permissions and usage policies according to your specific security requirements. This ensures that only authorized users and services can access encrypted data.

Using CMKs will allow your organization to comply with strict data protection and privacy regulations — including GDPR, HIPAA, and PCI DSS — by implementing robust encryption and access controls.

Creating Customer Managed Key with Encryption Key ARN

After you’ve created a Customer Managed Key on Aura, you can start using it to encrypt data on new Aura or Graph Data Science instances. In the general availability release, you can add up to one key per region and product.

Get Started With Customer Managed Keys for Neo4j Aura

Customer Managed Keys brings additional enterprise-grade security features to the Aura platform. With control of essential compliance-focused functions in their own hands, AuraDB and AuraDS Enterprise users benefit from a new level of flexibility and security.

Customer Managed Keys is currently available for Amazon Web Services keys. We’re working hard to get Microsoft Azure and Google Cloud Platform keys available as Customer Managed Keys on Aura.

To get started, log in to the Aura Console or visit Neo4j Support.