Configure an external key definition

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • Configure your external encryption key to use in External Key Management Service (EKMS).

    Before you begin

    Roles required: admin, security_admin, and sn_kmf.cryptographic_manager

    Note:
    To configure EKMS, verify that you have an enabled key with your external key management provider and the configured user has the necessary permissions to use the key.
    The user must have permissions to run the following AWS KMS API operations:
    • kms:DescribeKey
    • kms:Encrypt
    • kms:Decrypt

    Procedure

    1. Navigate to All > System Security > Field Encryption > EKMS Configurations > New.
    2. On the form, fill in the fields.
      Field | Description
      Application | Automatically populated with Global.
      Cloud KMS Provider | Automatically populated with AWS.
      EKMS Integration Name | Choose a name for the key definition. This name is referenced when running scripts.
      Key Region | Enter the key region associated with your external key.
      External Key Identifier | Enter the Amazon Resource Name (AWS ARN) for your external key.
      Primary Region URL | Enter the unique Primary Regional URL that begins with KMS. Example: https://kms.[key region].amazonaws.com.
      KMS Credentials Access Key | Enter the key management service (KMS) access key for your credentialed AWS user.
      KMS Credentials Secret Key | Enter the secret key for your credentialed AWS user.
    3. Select Submit.

    Result

    The external key definition is configured.
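
A pre-submit check for the AWS values entered on the form, together with an IAM policy limited to the three listed KMS operations on the one key. This is an added example, not ServiceNow or AWS code. The function names, the restriction to the standard `aws` partition and `key/` ARNs, the endpoint form `https://kms.<region>.amazonaws.com`, and the sample account and key IDs are assumptions.

```python
import json
import re

# Operations the page lists as required for the configured AWS user.
REQUIRED_ACTIONS = ["kms:DescribeKey", "kms:Encrypt", "kms:Decrypt"]

# Assumed shape: arn:aws:kms:<region>:<12-digit account>:key/<key id>
KEY_ARN_RE = re.compile(r"^arn:aws:kms:([a-z0-9-]+):(\d{12}):key/([A-Za-z0-9-]+)$")


def check_key_definition(key_region, key_arn, primary_region_url):
    """Return a list of inconsistencies between the three AWS form values."""
    problems = []
    match = KEY_ARN_RE.match(key_arn)
    if not match:
        problems.append("External Key Identifier is not a KMS key ARN")
    elif match.group(1) != key_region:
        # The region embedded in the ARN must agree with the Key Region field.
        problems.append("Key Region does not match the region in the ARN")
    expected_url = f"https://kms.{key_region}.amazonaws.com"
    if primary_region_url.rstrip("/") != expected_url:
        problems.append(f"Primary Region URL should be {expected_url}")
    return problems


def least_privilege_policy(key_arn):
    """Build an IAM policy allowing only the listed actions on this one key."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "EkmsKeyUse",
            "Effect": "Allow",
            "Action": REQUIRED_ACTIONS,
            "Resource": key_arn,  # scoped to the single key, not "*"
        }],
    }


if __name__ == "__main__":
    # Constructed sample values; account ID and key ID are placeholders.
    arn = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
    print(check_key_definition("us-east-1", arn, "https://kms.us-east-1.amazonaws.com"))
    print(json.dumps(least_privilege_policy(arn), indent=2))
```
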

    What to do next

    Next steps: