Create a cryptographic module to define the mechanisms used for cryptographic operations. After you create the module, you create a cryptographic specification, where you define an algorithm for encryption and generates a key.

Before you begin

If you're supplying your own keys, go to Configure and upload your customer supplied key.

Role required: sn_kmf.cryptographic_manager

About this task

This procedure describes options that are available with KMF in the ServiceNow platform base system. Field Encryption Enterprise functionality is available only when the com.glide.now.platform.encryption plugin is active. See Activate Field Encryption Enterprise for more information on obtaining Field Encryption Enterprise. See Create cryptographic module for Field Encryption.

Note: Cryptographic module [sys_kmf_crypto_module] records can't be deleted.

Procedure

  1. Navigate to All > Key Management > Cryptographic Modules > Create New.
  2. On the form, fill in the fields:
  3. Select Submit.
    Warning:
    For legacy encryption support users:
    If you're using the non-enterprise version of Field Encryption, you're limited to five modules. If you've exceeded this limit, you receive the following warning:
    This insertion exceeds the number of published modules limit for Field Encryption entitled with the Subscription Product. The Enterprise subscription for Field Encryption is required for additional modules. Please reach out to your Account team.

    After submitting successfully, your cryptographic module is listed in the Cryptographic Modules table. The system prepends the name with the scope to avoid conflict with other scoped applications. For example, if you created a module with the name my_crypto_module in the global application scope, the name is saved as global.my_crypto_module.

What to do next

Create a cryptographic specification

.