Set encrypted field configurations

  • Release version: Australia
  • Updated March 12, 2026
  • 3-minute read
  • Configure which table columns or attachments the system encrypts using a preconfigured cryptographic module.

    Before you begin

    Role required: sn_kmf.cryptographic_manager or sn_kmf.admin and security_admin or elevate role to security admin.

    About this task

    Make sure you are in the correct application scope so you can see the tables in that scope.

    Only users with access to the cryptographic module used in this configuration can read the data in the encrypted table column or access the attachment.

    • If a user has write access but not read access, the field displays in edit mode and the data entered displays as asterisks.
    • If a user has read access but not write access, the field displays the decrypted data in read-only mode.
    • If a user has all access, both read/write functionality is available on the encrypted field.

    See Create a cryptographic module or Create cryptographic module for Field Encryption to begin.

    You can create configurations in various ways:
    • Select the Encrypted Fields option from a module tile on the Field Encryption Experience Module page.
    • Within an open module pending initial configuration, select Configure fields encrypted in this module or Encrypted Fields.
    • Select Create new from the Configurations tab.
    Important:

    After encrypting a column, any new data inserted into the column is encrypted automatically. However, data that existed in the column before the encryption was active is not automatically encrypted.

    In order to encrypt data that existed before the column was encrypted, you must run a separate mass encryption job. Learn more about mass encryption in Run mass encryption or decryption.

    Procedure

    1. Navigate to All > System Security > Field Encryption > Field Encryption Experience.
    2. Select View module details for the module for which you are setting up encrypted field configurations.
    3. Select the Configure fields encrypted in this module option from the "Complete these steps in any order to set up the module" section.
      Note:
      To establish a Field Encryption configuration that will be used by multiple modules or manage the Encrypt by default option, navigate to the Configurations tab and select Create new. This method allows you to select the module the configuration will apply to.
    4. Select Configure.
    5. Complete the form.
      Field: Description

      Type: Column to encrypt a table column, or Attachment to encrypt all of a table's attachments.

        Types of data encrypted are:

        • String text (Full UTF-8)
        • Attachments
        • Date, Date/Time:
          Note:
          You can create encrypted field configurations to encrypt existing Date and Date/Time fields. You can add a new encryption configuration to a parent table only. You can’t add a new encryption configuration to a child table.
        • URL
        • HTML
        • Journal
        • Translated

      Table: Table whose fields or attachments are to be encrypted.

      Column: Column (field) to be encrypted if you selected column as the type.

      Active: Select to mark the configuration active. Deselect if the configuration isn’t yet in use.

      Crypto module: The cryptographic module that the encrypted field configuration applies to.

      Method: Select Single Module to set the field configuration across one module. Select Multiple Modules for role-based access that spans across more than one cryptographic module.

        Single Module
        Use this option to encrypt all attachments using a single module. Your users need access to this module, otherwise they aren't able to upload attachments.

        Multiple Modules
        Use this option to allow users to choose a module when uploading attachments. Users with access to at least one module can select a module to use for encryption. Users with no module access can upload unencrypted attachments.

      Algorithm Encrypted Preserving [read-only]: Indicates if the crypto module that you selected is already configured to support non-deterministic encryption. This means that if the same data is encrypted more than once, the resulting ciphertext is different each time.
    6. Select Submit.