How it works

Only admins can configure CMEK. On Claude Platform, CMEK is scoped per workspace and configured with the Admin API. On Claude Enterprise, CMEK is scoped per organization and configured in claude.ai > Organization settings > Data and privacy. On either product, CMEK protects data written after the key is enabled. Existing data (prior chats, files, and sessions) remains encrypted with Anthropic-managed keys and is not re-encrypted under your key.

CMEK admin configuration events appear in the Compliance API Activity Feed. The key operations Anthropic performs against your key (such as wrapping and unwrapping data keys) do not appear in the Compliance API; they appear in your cloud provider's audit logs.

Anthropic calls your key management service from its standard public IP range. If you restrict access to your key management service by IP, allow the addresses listed in IP addresses.

Prerequisites

• Cloud Admin access in the account, project, or subscription that will host the encryption key.
• An admin role in your Anthropic organization: an Organization Admin role in the Claude Console on Claude Platform, or an Owner or Primary Owner role on Claude Enterprise.

Availability and regions

CMEK is currently available in US regions only, and all encryption operations are processed in US regions. Multi-region keys and EU key residency are not yet supported.

On Claude Platform on AWS, CMEK is available with AWS KMS keys only; Google Cloud KMS and Azure Key Vault keys cannot be registered. Create, validate, and attach keys in the Claude Console; the external_keys API endpoints are not currently available on Claude Platform on AWS. The key must be in the same AWS region as the workspace it is attached to.

For minimal latency, choose a region close to Anthropic's US infrastructure:

What CMEK protects

What CMEK covers depends on which product you use.

Encrypted

Claude Platform

• Message content, files and attachments (both inline attachments sent with a request and Files API uploads), and MCP and tool configuration.

Claude Enterprise

• Chat content, including skills, plugins, and artifacts.
• Chat attachments and project attachments.
• Claude Code on the CLI, including message content.

On both products, backups and snapshots inherit the key.

Disabled or modified

Some features are turned off or substantially modified when CMEK is enabled. This list is not exhaustive; review it with your team before enabling CMEK.

Claude Platform

• Workbench in the Claude Console is disabled.
• Portions of the Compliance API that return raw content, such as prompts, responses, and files, are disabled.
• Beta and research preview features may not be covered by CMEK. This includes Claude Managed Agents, a beta feature that is disabled as a whole, including agent memory and agent dreaming.

Claude Enterprise

• Conversation history search is disabled. Conversation titles are encrypted, so searching by title or content returns no results.
• Search across large numbers of files is slower.
• The Analytics API and in-product analytics are degraded. Some usage views and reports may be incomplete.
• Audit log exports are disabled.
• Signed URLs for temporary file exchanges are disabled. These back claude.ai admin data exports and Claude Code Remote file flows such as screenshot updates.
• Personal preferences are disabled for users who belong to a CMEK-protected organization, across all organizations under the same parent. Users who do not belong to a CMEK-protected organization can still use them across all organizations.

Not encrypted

These features remain available, but their data is not encrypted under your key. You can disable any feature that is not appropriate for your use case in Settings.

Claude Platform

• Data that is not at rest (such as cache) and data with a TTL shorter than 24 hours.
• Activity Feed, audit logs, and telemetry network traffic such as OTEL, so customers can maintain compliance even if a key is revoked.

Claude Enterprise

• Claude Code Desktop, Claude Code on the web, Cowork, Office agents, and Claude in Slack. Anthropic recommends disabling any of these that are not appropriate for your use case in the admin console.
• Beta and research preview features may not be covered by CMEK and can break in CMEK organizations, for example Claude Security and Claude Design.
• On-demand data export under Settings > Privacy.

Feature support

The following Claude Platform APIs and tools store data at rest under your key when CMEK is enabled:

Limited preservation outside your key

In three narrow cases, Anthropic may preserve specific records under Anthropic-managed encryption:

• Where Anthropic is required by law to retain records (for example, material reported to NCMEC under 18 U.S.C. § 2258A).
• Exigent risk of serious harm (for example, CBRNE weapons development, offensive cyberattacks, or imminent threats of violence).
• Violations of Section D.4 of Anthropic's Commercial Terms of Service or equivalent terms in a customer's other applicable agreement with Anthropic.

Outside of CSAM screening, preservation requires a human reviewer's explicit decision and follows Anthropic's retention policy for commercial data. For every instance of preservation, a corresponding Compliance API Activity Feed event is generated with a reason code conveying the purpose of the preservation. Safety screening metadata (records derived from Anthropic's automated safety scans, such as pattern identifiers and match indicators, not conversation content) is retained under Anthropic-managed encryption and remains readable after key revocation.

Limitations

• Irreversible action: Once a key is attached to a workspace, it cannot be detached or swapped. Rotating the key material within the same key (for example, AWS KMS automatic rotation, a Cloud KMS rotation schedule, or an Azure Key Vault rotation policy) is supported transparently and requires no change in Anthropic. Switching to a different key requires creating a new workspace with the new key and migrating your data. Revoking or disabling the key makes all CMEK-protected data in that workspace permanently inaccessible, with no backout path.
• No retroactive encryption: CMEK only protects data written after the key is enabled.
• Latency: Operations that wrap or unwrap data keys make a round-trip to your key management service, which can add a small amount of latency to actions that read or write data at rest.
• Revocation delay: Key revocation can take up to one hour (the cache TTL). Requests already in flight during that window may continue to succeed.
• KMS costs: CMEK requires a key in a third-party key management service (AWS KMS, Google Cloud KMS, or Azure Key Vault), which may incur separate charges billed by your KMS provider.

Configure your provider

Follow the guide for the key management service you use.