Module lifecycle policy exceptions for Field Encryption

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Use module lifecycle policy exceptions to customize the lifecycle of your module keys.

    Avant de commencer

    Role required: sn_kmf.admin or sn_kmf.cryptographic_manager

    Pourquoi et quand exécuter cette tâche

    Module lifecycle policy exceptions change the lifecycle policy of Field Encryption modules from the standard Instance-level lifecycle policy. For example, if you've configured symmetric keys to be limited to one year at the instance level, you can create a module lifecycle policy exception for a specific Field Encryption module to allow its key to remain active for two years.

    Procédure

    1. Navigate to All > System Security > Field Encryption > Field Encryption Modules.
    2. Select the field encryption module record that requires a module lifecycle policy exception.
    3. In the field encryption module record, select New in the Module Policy Exceptions related list.
    4. In the key lifecycle policy form, fill in the fields as needed.
      Field Description
      Crypto Module Displays the name of the field encryption module that will use this policy exception.
      Applies To The specified key is auto populated.
      Key Type Select the key type. Exception policies are related to a specific key. Multiple exception policies can be created per Field Encryption Module.
      Policy Condition Create qualifying conditions from the drop-down menu and complete the additional constraint criteria.
      Result Select Reject to reject use of the key or Track to allow use of it when the criteria are met.
    5. Select Submit.