Create cryptographic module for Field Encryption

Release version:
Yokohama
Xanadu
Washington DC
Vancouver
UpdatedJan 30, 2025
2 minutes to read

Yokohama
Now Platform Security

Create a Field Encryption cryptographic module to define the mechanisms used for cryptographic operations.

Before you begin

Role required: sn_kmf.cryptographic_manager or sn_kmf_admin, security_admin, admin

About this task

This procedure describes options that are available with Field Encryption with the base system and additional configuration options that become available with Field Encryption Enterprise functionality. Field Encryption Enterprise is available with a paid subscription. Refer to Encryption and Key Management subscription bundle for supported features and options available with each offering. See Activate Field Encryption for more information on obtaining Field Encryption Enterprise.

Procedure

Navigate to All > System Security > Field Encryption Modules > New.

On the form, fill in the fields.

Search:

Table 1. Cryptographic Module form
Field	Description
Module name	Alphanumeric string to be referenced when running scripts.
Crypto spec template	Default template used to create the cryptographic module that contains mappings of many crypto purposes to crypto specifications and recommended algorithms.
Application	The selected application scope.
Name	Encryption module name is prepended with application scope name to avoid conflict with other scoped applications on module creation. For example, if you created a module with the name `my_crypto_module` in the global application scope, the name is saved as `global.my_crypto_module`.
Crypto module lifecycle state	The term lifecycle refers to the creation, use, and deactivation of a cryptographic module. Set to Draft initially during configuration. When using the module, set to Published. The Default template is automatically set to Published.
Parent crypto module	The parent is populated automatically as column_level_encryption.

Click Submit.

After submitting successfully, your cryptographic module is listed in the Cryptographic Modules table.

Warning:

For legacy encryption support users:

If you're using the non-enterprise version of Field Encryption, you're limited to five modules. If you've exceeded this limit, you receive the following warning:

This insertion exceeds the number of published modules limit for Field Encryption  entitled with the Subscription Product. The Enterprise subscription for Field Encryption is required for additional modules. Please reach out to your Account team.

A default cryptographic specification is created with the crypto purpose set to Symmetric Data Encryption/Decryption and the algorithm as AES 256 CBC. Select the algorithm for updates.
To open the configuration options, click the newly created cryptographic module.

Note: A maximum of five Field Encryption modules are allowed before upgrading to Field Encryption Enterprise. An error message displays and you are prevented from adding additional cryptographic modules.

What to do next

Create a cryptographic specification for Field Encryption.

Was this topic helpful?

Yes No

Yokohama Platform security

Filters

Versions

Products

Create cryptographic module for Field Encryption

Table of contents

Create cryptographic module for Field Encryption

Log in to get a better experience

Please let us know how to improve this content

Save as PDF

Please let us know how to improve this content