US11799636B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11799636-B2 |
| Application number | US-202017109671-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 2, 2020 |
| Priority date | Jun 6, 2018 |
| Publication date | Oct 24, 2023 |
| Grant date | Oct 24, 2023 |
Official abstract text for this publication.
Various embodiments are directed to systems and methods for encryption key management within a group-based communication platform.
Opening claim text (preview).
What is claimed is:

1. A system for providing encryption key management, the system comprising an encryption key management apparatus communicatively coupled with one or more servers, the one or more servers comprising at least one processor and at least one non-transitory memory storing instructions that, when executed by the processor, configure the one or more servers to: receive access to one or more encryption keys provided by a key material source, the one or more encryption keys for accessing data managed by the one or more servers, wherein access to the one or more encryption keys is revocable on a per keyscope component basis such that any encryption key associated with a revoked keyscope component is rendered invalid by the key material source; receive encrypted plaintext or decrypted ciphertext, wherein the encrypted plaintext is encrypted using the one or more encryption keys provided by the key material source, and further wherein the encrypted plaintext comprises one or more of a message plaintext, a file plaintext, or a search index encryption key; and rotate at least one encryption key of the one or more encryption keys, based at least in part on a timestamp associated with the at least one encryption key.

2. The system of claim 1, wherein the at least one non-transitory memory stores instructions that, when executed by the at least one processor, further configure the one or more servers to: receive, at the one or more servers and from the encryption key management apparatus, access to one or more encryption keys stored in at least one memory of the encryption key management apparatus, the encryption keys for accessing data managed by the one or more servers.

3. The system of claim 1, wherein the decrypted ciphertext comprises one or more of a decrypted message ciphertext, a decrypted file ciphertext, or a decrypted search index encryption key.

4. The system of claim 1, wherein a keyscope component is associated with an encryption key and is one or more of a timestamp, a user identifier, a message identifier, a file identifier, a channel identifier, a team identifier, organization identifier, key family identifier, location identifier or a workspace identifier.

5. A computer-implemented method for providing encryption key management, comprising: receiving, by one or more servers, access to one or more encryption keys provided by a key material source, the encryption keys for accessing data managed by the one or more servers, wherein access to the one or more encryption keys is revocable on a per keyscope component basis such that any encryption key associated with a revoked keyscope component is rendered invalid by the key material source; receiving, by the one or more servers, encrypted plaintext or decrypted ciphertext, wherein the encrypted plaintext is encrypted using the one or more encryption keys provided by the key material source, and further wherein the encrypted plaintext comprises one or more of a message plaintext, a file plaintext, or a search index encryption key; and rotating at least one encryption key of the one or more encryption keys, based at least in part on a timestamp associated with the at least one encryption key.

6. The computer-implemented method of claim 5, further comprising: receiving by the one or more servers, access to one or more encryption keys stored in at least one memory of an encryption key management apparatus, the encryption keys for accessing data managed by the one or more servers.

7. The computer-implemented method of claim 5, wherein the decrypted ciphertext comprises one or more of a decrypted message ciphertext, a decrypted file ciphertext, or a decrypted search index encryption key.

8. The computer-implemented method of claim 5, wherein a keyscope component is associated with an encryption key and is one or more of a timestamp, a user identifier, a message identifier, a file identifier, a channel identifier, a team identifier, or a workspace identifier.

9. The system of claim 1, wherein the at least one non-transitory memory stores instructions that, when executed by the at least one processor, further configure the one or more servers to: receive, from the key material source, a request to revoke access to data associated with a particular group-based communication channel.

10. The system of claim 1, wherein the at least one non-transitory memory stores instructions that, when executed by the at least one processor, further configure the one or more servers to: refresh one or more of a local cache storing encryption keys and a local memory storing the encryption keys.

11. The computer-implemented method of claim 5, further comprising: retrieving log data associated with access to data owned by the key material source, a particular instance of the log data indicating an access reason associated with accessing the data owned by the key material source.

12. The computer-implemented method of claim 5, further comprising: revoking access to data associated with the revoked keyscope component while maintaining access to other data owned by the key material source.

13. A non-transitory computer storage medium comprising instructions, the instructions being configured to cause one or more processors to at least perform operations comprising: receiving, by one or more servers, access to one or more encryption keys provided by a key material source, the encryption keys for accessing data managed by the one or more servers, wherein access to the one or more encryption keys is revocable on a per keyscope component basis such that any encryption key associated with a revoked keyscope component is rendered invalid by the key material source; receiving, by the one or more servers, encrypted plaintext or decrypted ciphertext, wherein the encrypted plaintext is encrypted using the one or more encryption keys provided by the key material source, and further wherein the encrypted plaintext comprises one or more of a message plaintext, a file plaintext, or a search index encryption key; and rotating at least one encryption key of the one or more encryption keys, based at least in part on a timestamp associated with the at least one encryption key.

14. The non-transitory computer storage medium of claim 13, the instructions being configured to cause the one or more processors to perform operations further comprising: revoking access to data associated with the revoked keyscope component while maintaining access to other data owned by the key material source.

15. The non-transitory computer storage medium of claim 13, the instructions being configured to cause the one or more processors to perform operations further comprising: receiving, by the one or more servers, access to one or more encryption keys stored in at least one memory of an encryption key management apparatus, the encryption keys for accessing data managed by the one or more servers.

16. The non-transitory computer storage medium of claim 13, wherein the decrypted ciphertext comprises one or more of a decrypted message ciphertext, a decrypted file ciphertext, or a decrypted search index encryption key.

17. The non-transitory computer storage medium of claim 13, wherein a keyscope component is associated with an encryption key and is one or more of a timestamp, a user identifier, a message identifier, a file identifier, a channel identifier, a team identifier, or a workspace identifier.

18. The non-transitory computer storage medium of claim 13, the instructions being configured to cause the one or more proc
involving conference or group key (network architectures or network communication protocols for key management in group communication in a packet data network H04L63/065) · CPC title
Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation · CPC title
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title
Revocation or update of secret information, e.g. encryption key update or rekeying · CPC title
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title