Edge Encryption configuration After the Edge Encryption proxy server is installed and running, manage Edge Encryption through the proxy server. You must complete all the steps in Edge Encryption installation before creating encryption configurations and encryption patterns on the instance. Note: To access Edge Encryption configuration, you must log in through the proxy server and elevate to the security_admin role. Rotate encryption keysYou can perform encryption key rotation from the instance. You can add a new key, change the default key assignment, and then schedule a mass key rotation job.Encrypt fields using encryption configurationsEncrypt fields by creating encryption configurations.Encrypt attachments using standard encryptionYou can encrypt attachments for specific tables.Change a field or attachment's encryption typeYou can change a field or attachment's encryption type by selecting a new encryption type in the existing encryption configuration record. A specific table and field combination can only have one active configuration at a time.Tokenize strings using encryption patternsYou can replace string patterns with tokens before they are sent to and stored in the instance.Repair or recover order-preserving encrypted dataIf you have the security-admin role, you can schedule jobs performed by the Edge Encryption proxy to repair or recover fields that use order preserving encryption.Blacklist requests from an IP address in your networkBecause the Edge Encryption proxy server resides in your network, it may be subject to vulnerability scans by your network software. To prevent IP scanner or other requests from being forwarded to your ServiceNow instance, you can blacklist IP addresses, IP ranges, or network masks. Any connection to the proxy server from a blacklisted address is terminated and is not forwarded to your instance. Encrypt data from a record producerRecord producers allow end users to create task-based records, such as incident records, from the Service Catalog and Service Portal. If a record producer attempts to insert data into a field marked for encryption, an invalid insert message displays and the data is not saved to the field. To configure your Edge Encryption proxy server to allow inserts from a record producer, create encryption rules from the record producer record. Define a custom encryption ruleIt may be necessary to identify and encrypt sensitive information in HTTP requests on the way to your instance. You can write encryption rules to identify, interpret, and encrypt data in such requests, mapping fields in the request to table-field names on your instance. Edge Encryption dictionary attributesYou can add Edge Encryption dictionary attributes to tables and fields.