# Does CS:Govern Allow For the Use of a Custom Encryption Key or a Keystore? ![](/files/bV66cgZUHAhsDBXbIqYV) ## Does CS:Govern Allow For the Use of a Custom Encryption Key or a Keystore? Database encryption is a process to **convert data in the database to “cipher text” (unreadable text) using an algorithm**. CS:Govern uses the database encryption inherent to its’ database to encrypt and decrypt the data designated as sensitive or confidential. In order to accomplish this, an encryption key is generated and used to encrypt and decrypt the text. CS:Govern leaves the choice of how the key is generated and where it is managed up to each client. You can utilize CS:Govern’s built-in key generation and management capability or employ your own encryption key. In order to employ your own encryption key, you must **add your encryption key into CS:Govern’s encryption key management system.** The following section describes the steps necessary to add a custom encryption key to CS:Govern. ## How to add a custom encryption key to CS:Govern To add your own encryption key to CS:Govern’s Key Management System: 1. Review “[Securing a CS:Govern Database](/cs-govern/best-practices/securing-a-csguardian-database.md)“ 2. Implement a key rotation policy 1. The rotation policy should include a process that inserts the new encryption key (manually or programmatically) into the CS:Govern *GuardianKey* table. 3. Login to the Database that is governed by CS:Govern as the owner of the encryption keys. The owner is the only one that should have access to the *GuardianKey* table. 4. Run or create a procedure that inserts the new key into the *GuardianKey* table. A sample script written for Microsoft SQL/Server is included below: ``` INSERT INTO [dbo].[GuardianKey] ([algorithm] ,[publicKey] ,[privateKey] ,[createdDate] ,[modifiedDate]) VALUES ( , , , ,) GO ``` * *algorithm*–A descriptive name for the system that generated the key * *publicKey*–the generated key * *privateKey*–the generated key * *createdDate*–current date and time * *modifiedDate*–current date and time --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://learn.capstorm.com/cs-govern/frequently-asked-questions/does-csgovern-allow-for-the-use-of-a-custom-encryption-key-or-a-keystore.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.