Can we encrypt fields depending on roles?

neeraj22
Kilo Contributor

I got a requirement that some of the fields should be encrypted depending on roles.

Is there any way to do that? I need help. Can someone help me with this, please?

6 REPLIES

deanproctor
ServiceNow Employee

Create an encryption context that uses an encryption key. Only users who have a role associated with the encryption context can view the data encrypted with that encryption context.

Before you begin

Role required: security_admin

About this task

Your instance can generate an encryption key, or you can specify your own key with a certificate authority. See your certificate authority documentation for information on creating an encryption key.
Starting with the London release, the Now Platform no longer supports creating new Triple DES keys for an Encryption Context, but continues to support previously-created Triple DES keys. Previously-created Triple DES keys are listed in the Encryption Contexts with a Type of 3DES.
Encryption contexts: Previously-created Triple DES key

Procedure

  1. Navigate to System Security > Field Encryption > Encryption Contexts.
  2. Click New.
  3. Complete the form.
    Field: Description
    Name: Name of the encryption context.
    Encryption key: Key used to encrypt the data. Leave this field blank to randomly generate a key. Based on the desired type of encryption, enter the exact number of characters:
    • 16 characters for AES 128-bit
    • 32 characters for AES 256-bit
    Warning: You cannot retrieve this key from the instance. If you need access to the key, save it elsewhere before clicking Submit.
    Type: Type of encryption used to encrypt your data:
    • AES 128-bit: Advanced Encryption Standard
    • AES 256-bit: Advanced Encryption Standard using 256-bit encryption
  4. Click Submit.

    The newly-created encryption key is encrypted with a key the system maintains. This key is not stored in the database. This practice prevents other users from copying the key and using it to decrypt data.

  5. Navigate to System Security > Roles and open the role record to associate with the encryption context, or create a new role.
  6. Right-click the form header and select Configure > Form Layout to configure the Roles form to add the Encryption context field.
  7. Select the encryption context to associate with the role (there can be only one encryption context per role).
  8. Click Update.

    You must log out of the instance and log in again to use the encryption context.

     

    Hope this helps!

    -Dean

    If my replies have helped you at all, I’d really appreciate it if you click the Helpful button and if my reply is the answer you were looking for, it would be awesome if you could click the Accepted Solution button!
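An added example (not part of Dean's reply or of ServiceNow's documentation): a Python helper for preparing your own value for the Encryption key field in step 3. It enforces the exact 16- and 32-character counts from the form and reports the most entropy a typed key of that length can carry; the letters-and-digits alphabet and all function names are assumptions.

```python
import math
import secrets
import string

# Character counts the form requires, as stated in step 3 of the procedure.
REQUIRED_LENGTH = {"AES 128-bit": 16, "AES 256-bit": 32}

# Assumption: the key is entered as printable ASCII letters and digits.
ALPHABET = string.ascii_letters + string.digits


def generate_key(enc_type: str) -> str:
    """Return a CSPRNG-generated key with the exact character count for enc_type."""
    length = REQUIRED_LENGTH[enc_type]
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def check_key(key: str, enc_type: str) -> list[str]:
    """Return the problems found in a candidate key; an empty list means usable."""
    required = REQUIRED_LENGTH.get(enc_type)
    if required is None:
        return [f"unknown type {enc_type!r}"]
    problems = []
    if len(key) != required:
        problems.append(f"{enc_type} needs exactly {required} characters, got {len(key)}")
    if any(ord(c) < 33 or ord(c) > 126 for c in key):
        # Multi-byte characters make the character count differ from the byte count.
        problems.append("contains whitespace, control or non-ASCII characters")
    if len(set(key)) < len(key) // 2:
        problems.append("too many repeated characters to be random")
    return problems


def max_entropy_bits(enc_type: str, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on key entropy when each character is drawn uniformly."""
    return REQUIRED_LENGTH[enc_type] * math.log2(alphabet_size)


if __name__ == "__main__":
    for enc_type in REQUIRED_LENGTH:
        key = generate_key(enc_type)
        problems = check_key(key, enc_type)
        print(f"{enc_type}: {len(key)} chars, problems={problems}, "
              f"at most {max_entropy_bits(enc_type):.0f} bits of entropy")
        # Save `key` in your secrets vault here, before clicking Submit.
```

A 16-character letters-and-digits key carries at most about 95 bits of entropy, so a typed key is weaker than the nominal AES key size suggests.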

     

Hi Dean,

Navigate to System Security > Field Encryption > Encryption Contexts.

 

I can't find Field Encryption under System Security. Can you please send me the screenshot?

You need to elevate your privileges to Security Admin to view Encryption context.


Please mark this response as correct or helpful if it assisted you with your question.

I elevated security admin roles, but even so it's not allowing me to activate the Encryption Support plugin.