Run secrets management security jobs

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:5分

    • Schedule a secrets management job to perform encryption tasks on secrets fields on your instance.

    始める前に

    Role required: sn_kmf.admin, security_admin, and sn_secrets.admin

    To perform these steps, you must elevate to the security_admin role. For details on this process see, Elevate to a privileged role

    手順

    1. Navigate to All > System Security > Security Jobs > Create New.
    2. At the What type of Security Job would you like to create? prompt, select Secrets Management Job.
    3. On the form, fill in the fields.
      表 : 1. Secrets Management Job form
      Field Description
      Name Name of the security job
      State The initial job state is New. After the job has been executed as scheduled, the state will update accordingly
      Time window start Start time for the job in 24-hour format. The job begins execution at the chosen time.
      Time window end End time for the job in 24-hour format. If the job isn’t finished by this time, it continues during the next specified processing window until the job is complete.
      Enforcement Level Whether the job affects all tables, or a selection of specific tables or fields. Select from
      • All Tables
      • Specific Tables
      • Specific Fields
      • Specific Packages
      警告:
      Selecting the All Tables option may affect instance performance. Consider scheduling at non-peak hours.
      Packages The packages to include in this job. Encryption is applied to selected packages. This option displays only when the Enforcement Level field is set to Specific Packages
      Tables The tables to include in this job. Encryption is applied to all applicable fields within the selected tables. This option displays only when Enforcement Level is set to Specific Tables
      Fields The tables to include in this job. Encryption is applied to all selected fields. This option displays only when Enforcement Level is set to Specific Fields
      Job Mode Select from
      Password2 to Secrets Management
      Encrypt all password2 fields within your secrets groups using the cryptographic modules defined each group's module access policy.
      Secrets Management to Password2
      Re-Encrypt data in your secrets groups using password2 encryption. For details on this encryption type see Password2 encryption with KMF.
      Secret Group Enforcement
      Queries all data that should match the group selected in the Secret Group field. If all the data found by the query is already in the group, the job makes no changes. If the query finds data that is not yet in the group, the job re-encrypts this data within the Secret Group.
      注:
      If the data found in this query is already encrypted and your instances can't decrypt that data, it isn’t encrypted and added to the secrets group.
      Secret Group Secret group containing the secrets to encrypt. This field is only available when Secret Group is selected in the Job Mode field.
      Force rekeying data
      Summary Displays information about the job progress. Summary also displays records that couldn’t be encrypted by the job.
    4. Select Submit.

    次のタスク

    The job queries all data that should match the selected secret group. If all the data found by the query is already in the group, the job makes no changes. If the query finds data that is not yet in the group, the job re-encrypts this data within the Secret Group. (If the instance can decrypt it, which may not be the case for client side-encrypted secrets).