Configure an external key definition

  • Release version: Australia
  • Updated March 12, 2026
  • Configure your external encryption key to use in External Key Management Service (EKMS).

    Before you begin

    Roles required: admin, security_admin, and sn_kmf.cryptographic_manager

    Note:
    To configure EKMS, verify that you have an enabled key with your external key management provider and that the configured user has the necessary permissions to use the key.
    The user must have permissions to run the following AWS KMS API operations:
    • kms:DescribeKey
    • kms:Encrypt
    • kms:Decrypt

    Procedure

    1. Navigate to All > System Security > Field Encryption > EKMS Configurations > New.
    2. On the form, fill in the fields.
      Field: Description
      Application: Automatically populated with Global.
      Cloud KMS Provider: Automatically populated with AWS.
      EKMS Integration Name: Choose a name for the key definition. This name is referenced when running scripts.
      Key Region: Enter the key region associated with your external key.
      External Key Identifier: Enter the Amazon Resource Name (AWS ARN) for your external key.
      Primary Region URL: Enter the unique Primary Regional URL that begins with KMS. Example: https://kms.[key region].amazonaws.com.
      KMS Credentials Access Key: Enter the key management service (KMS) access key for your credentialed AWS user.
      KMS Credentials Secret Key: Enter the secret key for your credentialed AWS user.
    3. Select Submit.
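
    A preflight check for the values entered in this form, as an added example (not ServiceNow or AWS code): it confirms that Key Region, the key ARN and the Primary Region URL agree, and that an IAM identity policy grants the three KMS operations listed above on this key and nothing broader. The function name, the sample ARN and both policies are constructed; it assumes the standard aws partition and exact action names, and it does not evaluate Deny statements, conditions or the key policy.

```python
import re
from urllib.parse import urlparse

REQUIRED = {"kms:DescribeKey", "kms:Encrypt", "kms:Decrypt"}  # operations listed on this page
# Assumption: standard "aws" partition; the key id may be a UUID or an mrk- id.
KMS_ARN = re.compile(r"^arn:aws:kms:([a-z0-9-]+):\d{12}:key/[A-Za-z0-9-]+$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def preflight(key_region, key_arn, region_url, policy):
    """Return a list of findings; an empty list means the inputs are consistent."""
    findings = []
    match = KMS_ARN.match(key_arn)
    if not match:
        return ["External Key Identifier is not a KMS key ARN"]
    if match.group(1) != key_region:
        findings.append("Key Region differs from the region in the key ARN")
    url = urlparse(region_url)
    if url.scheme != "https" or url.hostname != f"kms.{key_region}.amazonaws.com":
        findings.append("Primary Region URL is not https://kms.<key region>.amazonaws.com")
    granted = set()
    # Simplification: only Allow statements are read; Deny and Condition are ignored.
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a for a in _as_list(stmt.get("Action", [])) if a == "*" or a.startswith("kms:")}
        resources = _as_list(stmt.get("Resource", []))
        if stmt.get("Effect") != "Allow" or not actions:
            continue
        if "*" in resources:
            findings.append("KMS actions allowed on every key (Resource is *)")
        elif key_arn not in resources:
            continue
        granted |= actions
    if not granted & {"*", "kms:*"}:
        findings += [f"Missing permission: {a}" for a in sorted(REQUIRED - granted)]
    findings += [f"Broader than required: {a}" for a in sorted(granted - REQUIRED)]
    return findings

# Constructed sample values (placeholder account id and key id, not from the page).
ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(REQUIRED), "Resource": ARN}]}
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["kms:Encrypt", "kms:*"], "Resource": "*"}]}

if __name__ == "__main__":
    print(preflight("us-east-1", ARN, "https://kms.us-east-1.amazonaws.com", GOOD_POLICY))
    print(preflight("us-west-2", ARN, "https://kms.us-east-1.amazonaws.com", WEAK_POLICY))
```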

    Result

    The external key definition is configured.

    What to do next

    Next steps: