Home New York Now Platform Administration Now Platform administration Platform security Encryption Encryption Support Set up encryption contexts

Set up encryption contexts

Create an encryption context that uses an encryption key. Only users who have a role associated with the encryption context can view the data encrypted with that encryption context.

Before you begin

Role required: security_admin

About this task

Your instance can generate an encryption key, or you can specify your own key with a certificate authority. See your certificate authority documentation for information on creating an encryption key.

Starting with the London release, the Now Platform no longer supports creating new Triple DES keys for an Encryption Context, but continues to support previously-created Triple DES keys. Previously-created Triple DES keys are listed in the Encryption Contexts with a Type of 3DES.

Encryption contexts: Previously-created Triple DES key

Procedure

Navigate to System Security > Field Encryption > Encryption Contexts.

Note: Complete the setup in Activate the Encryption Support plugin to perform these steps.
Click New.

Complete the form.


Field	Description
Name	Name of the encryption context.
Encryption key	Key used to encrypt the data. Leave this field blank to randomly generate a key. Based on the desired type of encryption, enter the exact number of characters: 16 characters for AES 128-bit 32 characters for AES 256-bit Warning: You cannot retrieve this key from the instance. If you need access to the key, save it elsewhere before clicking Submit.
Type	Type of encryption used to encrypt your data: AES 128-bit: Advanced Encryption Standard AES 256-bit: Advanced Encryption Standard using 256-bit encryption

Click Submit.

The newly-created encryption key is encrypted with a key the system maintains. This key is not stored in the database. This practice prevents other users from copying the key and using it to decrypt data.
Navigate to System Security > Roles and open the role record to associate with the encryption context, or create a new role.
Right-click the form header and select Configure > Form Layout to configure the Roles form to add the Encryption context field.
Select the encryption context to associate with the role (there can be only one encryption context per role).
Click Update.

You must log out of the instance and log in again to use the encryption context.

Previous topic

Next topic

Release version

Set up encryption contexts

Create an encryption context that uses an encryption key. Only users who have a role associated with the encryption context can view the data encrypted with that encryption context.

Before you begin

Role required: security_admin

About this task

Your instance can generate an encryption key, or you can specify your own key with a certificate authority. See your certificate authority documentation for information on creating an encryption key.

Procedure

Navigate to System Security > Field Encryption > Encryption Contexts.

Note: Complete the setup in Activate the Encryption Support plugin to perform these steps.
Click New.

Complete the form.


Field	Description
Name	Name of the encryption context.
Encryption key	Key used to encrypt the data. Leave this field blank to randomly generate a key. Based on the desired type of encryption, enter the exact number of characters: 16 characters for AES 128-bit 32 characters for AES 256-bit Warning: You cannot retrieve this key from the instance. If you need access to the key, save it elsewhere before clicking Submit.
Type	Type of encryption used to encrypt your data: AES 128-bit: Advanced Encryption Standard AES 256-bit: Advanced Encryption Standard using 256-bit encryption

Click Submit.

The newly-created encryption key is encrypted with a key the system maintains. This key is not stored in the database. This practice prevents other users from copying the key and using it to decrypt data.
Navigate to System Security > Roles and open the role record to associate with the encryption context, or create a new role.
Right-click the form header and select Configure > Form Layout to configure the Roles form to add the Encryption context field.
Select the encryption context to associate with the role (there can be only one encryption context per role).
Click Update.

You must log out of the instance and log in again to use the encryption context.

How search works:

Topics are ranked in search results by how closely they match your search terms

Set up encryption contexts

Set up encryption contexts

On this page

Set up encryption contexts

Set up encryption contexts

Log in to personalize your search results and subscribe to topics