Create cryptographic module for Column Level Encryption

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 2 minutes de lecture

    • Create a Field Encryption cryptographic module to define the mechanisms used for cryptographic operations.

    Avant de commencer

    Role required: sn_kmf.cryptographic_manager or sn_kmf_admin, security_admin, admin

    Pourquoi et quand exécuter cette tâche

    This procedure describes options that are available with Column Level Encryption with the base system and additional configuration options that become available with Column Level Encryption Enterprise functionality. Column Level Encryption Enterprise is available with a paid subscription. Refer to Encryption and Key Management subscription bundle for supported features and options available with each offering. See Activate Column Level Encryption Enterprise for more information on obtaining Column Level Encryption Enterprise.

    Procédure

    1. Navigate to All > System Security > Field Encryption Modules > New.

      Shows new crypto module form for Column Level Encryption Enterprise.

    2. On the form, fill in the fields.
      Tableau 1. Cryptographic Module form
      Field Description
      Module name Alphanumeric string to be referenced when running scripts.
      Crypto spec template Default template used to create the cryptographic module that contains mappings of many crypto purposes to crypto specifications and recommended algorithms.
      Application The selected application scope.
      Name Encryption module name is prepended with application scope name to avoid conflict with other scoped applications on module creation. For example, if you created a module with the name my_crypto_module in the global application scope, the name is saved as global.my_crypto_module.
      Crypto module lifecycle state The term lifecycle refers to the creation, use, and deactivation of a cryptographic module. Set to Draft initially during configuration. When using the module, set to Published. The Default template is automatically set to Published.
      Parent crypto module The parent is populated automatically as column_level_encryption.
    3. Click Submit.

      After submitting successfully, your cryptographic module is listed in the Cryptographic Modules table.

      Avertissement :
      For legacy encryption support users:
      If you're using the non-enterprise version of Column Level Encryption, you're limited to five fields. If you've exceeded this limit, you receive the following warning:
      This insertion exceeds the number of published fields limit for Column Level Encryption  entitled with the Subscription Product. The Enterprise subscription for Column Level Encryption is required for additional fields. Please reach out to your Account team.
      A default cryptographic specification is created with the crypto purpose set to Symmetric Data Encryption/Decryption and the algorithm as AES 256 CBC. Select the algorithm for updates.
    4. To open the configuration options, click the newly created cryptographic module.
      Remarque :
      A maximum of five Column Level Encryption fields are allowed before upgrading to Column Level Encryption Enterprise. An error message displays and you are prevented from adding additional cryptographic modules. Error message for maximum modules created in FEE.

    Que faire ensuite

    Create a cryptographic specification for Column Level Encryption.