Skip to main content

Celonis Product Documentation

On prem-clients encryption


The new installation process for on-prem clients is in limited availability. If you’re interested in trying it out, get in touch with us through

When connecting the on-prem clients with the EMS, the IT admin can decide to generate an encryption key to encrypt sensitive data in the installation package.

By default, the encryption key will be stored in the shared folder. But the IT admin can also decide to store the key in a different location.

Generating the encryption key is a part of the on-prem clients installation process. For step-by-step instructions on how to generate the encryption key, see 2. Installing on-prem clients.

This will automatically create the celonis-kms.yml file and encrypt all sensitive data (e.g. the application key and the proxy password).


We recommend generating an encryption key for all customers.