How to Set Up the Synology Key Manager
Introduction
In this tutorial, we will be showing you how to set up the Synology Key Manager to securely store and manage your encryption keys. We will cover the basics of setting up and configuring the Key Manager, as well as how to manage keys, and how to use them to encrypt and decrypt data. Whether you are a small business or an individual, the Synology Key Manager can help you ensure the security and privacy of your sensitive information. As an added bonus we’ll also cover how to have the encrypted shares mount on boot of the NAS to automate your maintenance processes.
Video
Process
Lets jump into the configuration.
Step 1 – Check Your Backups
Before you do anything with production data and encryption, double check your backups!

One mistake can cause a world of hurt.
Step 2 – Plug in the Flash Drive
Go to your Synology NAS and plug in your new flash drive. Synology recommends that you use USB Drive instead of using a system partition.

Between using a new USB drive and ejecting the drive after boot. This greatly reduces the risk of encryption key loss because the drive is only being used for minutes every once an while. Where as a system partition gets the strains of every day use.
Step 3 – Initialize the Key Manager
Go to Control Panel > Shared Folder > Encryption > Key Manager.
Make sure the flash drive is present.

The come up with passphrase for the Key Manager. You will need this passphrase every time you in to modify the Key Manager.
Step 4 – Import Your Encryption Keys
Importing the your keys are is pretty straight forward. After you click on Add. Synology goes through the shares in alphabetical order.

Select the share and copy in the key. Then click OK. Repeat until all the keys are added.
Step 5 – Enable Mount on Boot
Next to each share you see the check box for mount on boot.

Or you can click the box at the top of the column to enable it for all of them.
Step 6 – Set Eject After Boot
Go to Control Panel > Shared Folder > Encryption > Key Manager > Configure.

Check the box to eject the USB after boot. With this enabled, after the NAS boots and mounts the file shares, the key manager is unmounted preventing changes to be made to the Key Manager,
Step 7 – Testing
Give the Synology NAS a reboot and verify everything comes back up.
Closing
Now you’ve successfully automated your laziness with encryption keys with the Synology Key Master/Manager. You can get some rest knowing that your encrypted file shares will come back up after a reboot in the middle of the night… as long as that flash drive is plugged in.
References and Equipment
- Synology Knowledge Base Article on the Key Manager
- Synology NAS 923+ (Current model)
- 4G Memory Upgrade
- 16Gb Memory Upgrade
- 6TB Seagate Server Hard Drives
- USB Flash Drive
Amazon Links are Affiliate Links and I may earn a small commission on products purchased through the links.