Configuration Overview

Configuring External Key Management Service (EKMS) involves installing the plugin, connecting to AWS KMS, and setting up encryption for specific fields. Complete these tasks to establish external key management for your ServiceNow data.

Configuration Workflow

1. Activate the EKMS plugin and assign required user roles
2. Configure the AWS KMS key definition with connection credentials
3. Create cryptographic modules that use external key wrapping
4. Specify which table fields should be encrypted
5. Set up access policies to control data visibility
6. Test encryption and access control to verify the configuration

Prerequisites

Before configuring EKMS, verify that you have:

• AWS KMS access through your organization's request process
• Created or identified an AWS KMS key
• Identity and Access Management (IAM) user credentials with KMS permissions
• IAM user configured with at least these permissions: kms:DescribeKey, kms:Encrypt, and kms:Decrypt
• Admin, Security Admin, and Crypto Manager roles in ServiceNow