Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Set up encryption contexts

Log in to subscribe to topics and get notified when content changes.

Set up encryption contexts

Administrators can create an encryption context that uses an encryption key. Only users who have a role associated with the encryption context can view the data encrypted with that encryption context.

Before you begin

Role required: security_admin

About this task

Your instance can generate an encryption key, or you can specify your own key with a certificate authority. See your certificate authority documentation for information on creating an encryption key.

Starting with the London release, the Now Platform no longer supports creating new Triple DES keys for an Encryption Context, but continues to support previously-created Triple DES keys. Previously-created Triple DES keys are listed in the Encryption Contexts with a Type of 3DES.


  1. Navigate to System Security > Field Encryption > Encryption Contexts.
  2. Click New.
  3. Complete the form.
    Field Description
    Name Name of the encryption context.
    Encryption key Key used to encrypt the data. Leave this field blank to randomly generate a key. Based on the desired type of encryption, enter the exact number of characters:
    • 16 characters for AES 128-bit
    • 32 characters for AES 256-bit
    Warning: You cannot retrieve this key from the instance. If you need access to the key, save it elsewhere before clicking Submit.
    Type Type of encryption used to encrypt your data:
    • AES 128-bit: Advanced Encryption Standard
    • AES 256-bit: Advanced Encryption Standard using 256-bit encryption
  4. Click Submit.

    The newly-created encryption key is encrypted with a key the system maintains. This key is not stored in the database. This practice prevents other users from copying the key and using it to decrypt data.

  5. Navigate to System Security > Roles and open the role record to associate with the encryption context, or create a new role.
  6. Right-click the form header and select Configure > Form Layout to configure the Roles form to add the Encryption context field.
  7. Select the encryption context to associate with the role (there can be only one encryption context per role).
  8. Click Update.

    You must log out of the instance and log in again to use the encryption context.