Call Recordings: Add Another Layer of Security with Public Key Encryption

call recording encryption feature for programmable voice api
  • Added security for sensitive call recordings.
  • Use your own public key to encrypt recordings before they’re stored.
  • Available in developer preview.

Today, our default security for call recordings includes encryption at rest for recordings stored with Twilio. However, we’ve learned that some customers, typically those that need to comply with strict industry or regional regulations for data protection, require even stronger security mechanisms. A level of security that keeps the customer in full control of their recordings. 

For these types of businesses, we’re excited to introduce Call Recording Encryption—a new feature for Programmable Voice that provides additional security for recordings on our platform. With Call Recording Encryption enabled, Twilio will encrypt all recordings with a public key that you provide, which limits access to the recordings to only the holder of the corresponding private key—you!

How it Works

Here’s a high-level overview of integrating Call Recording Encryption in your app:

Configuring the Keys

  1. Generate a valid RSA key pair. This only has to be done once.
  2. Submit the public key to the Twilio. This is a one-time requirement and can be done via the Credentials Endpoint, or directly in the Console:

creating public key credentials

  1. Store the private key securely in your infrastructure (HSM, AWS KMS, etc) with hardened access control to the storage. You’ll need it to decrypt the recordings.

Enabling Call Recording Encryption

Soon you’ll be able to configure Call Recording Encryption via the Console, at an account or subaccount level. During the developer preview, we can manually enable it on accounts (request access here). Once configured, your subsequent recordings will be encrypted with the public key provided. The recording will remain in encrypted form while stored in Twilio’s storage and when it is retrieved by the customer.

Decrypting Recordings

Additional properties on both the recordingStatusCallback and recording resource metadata will be available to:

  • Indicate the public key used for encryption by Twilio.
  • Provide two additional values required for decryption. You will need these two values along with your stored private key to decrypt the recording.

Developer Preview

Call Recording Encryption is being launched today in developer preview and can be used for all types of voice recordings.

If you’re interested in adding Call Recording Encryption to your Twilio-powered application, just let us know about your use case here. If there’s a match, we’ll get back to you with pricing and details on how to get started.

We can’t wait to see what you build!