Configure an external key definition

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • Configure your external encryption key to use in External Key Management Service (EKMS).

    Before you begin

    Roles required: admin, security_admin, and sn_kmf.cryptographic_manager

    Note:
    To configure EKMS, verify that you have an enabled key with your external key management provider and the configured user has the necessary permissions to use the key.
    The user must have permissions to run the following AWS KMS API operations:
    • kms:DescribeKey
    • kms:Encrypt
    • kms:Decrypt

    Procedure

    1. Navigate to All > System Security > Field Encryption > EKMS Configurations > New.
    2. On the form, fill in the fields.
      | Field | Description |
      | --- | --- |
      | Application | Automatically populated with Global. |
      | Cloud KMS Provider | Automatically populated with AWS. |
      | EKMS Integration Name | Choose a name for the key definition. This name is referenced when running scripts. |
      | Key Region | Enter the key region associated with your external key. |
      | External Key Identifier | Enter the Amazon Resource Name (AWS ARN) for your external key. |
      | Primary Region URL | Enter the unique Primary Regional URL that begins with KMS. Example: https://kms.[key region].amazonaws.com. |
      | KMS Credentials Access Key | Enter the key management service (KMS) access key for your credentialed AWS user. |
      | KMS Credentials Secret Key | Enter the secret key for your credentialed AWS user. |
    3. Select Submit.
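
The following is an added example, not part of the original page or of the product: a pre-submit check that the Key Region, External Key Identifier, and Primary Region URL values agree with each other, plus an IAM policy document that grants the AWS user only the three listed KMS operations on that one key. The function names, the `EkmsKeyUse` statement ID, and the sample ARN are assumptions made for illustration, and the check assumes a key ARN in the standard `aws` partition.

```python
import json
import re

# Key ARN layout: arn:aws:kms:<region>:<12-digit account>:key/<key id>
# Assumption: standard "aws" partition only, matching the page's example URL.
ARN_RE = re.compile(r"^arn:aws:kms:([a-z0-9-]+):(\d{12}):key/((?:mrk-)?[0-9a-f-]+)$")
REQUIRED_ACTIONS = ["kms:DescribeKey", "kms:Encrypt", "kms:Decrypt"]  # from the page


def check_ekms_fields(key_region, key_arn, primary_url):
    """Return a list of problems in the form values (empty list = consistent)."""
    m = ARN_RE.match(key_arn.strip())
    if not m:
        return ["External Key Identifier is not a KMS key ARN"]
    problems = []
    arn_region = m.group(1)
    if arn_region != key_region.strip():
        problems.append(
            f"Key Region {key_region!r} does not match ARN region {arn_region!r}")
    # The endpoint must be HTTPS and in the same region as the key itself.
    expected = f"https://kms.{arn_region}.amazonaws.com"
    if primary_url.strip().rstrip("/").lower() != expected:
        problems.append(f"Primary Region URL should be {expected}")
    return problems


def least_privilege_policy(key_arn):
    """IAM policy allowing only the three required operations on this one key."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "EkmsKeyUse",  # hypothetical statement ID
            "Effect": "Allow",
            "Action": REQUIRED_ACTIONS,
            "Resource": key_arn,  # scoped to the single key, not "*"
        }],
    }


if __name__ == "__main__":
    # Constructed sample values; the account ID and key ID are placeholders.
    arn = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
    print(check_ekms_fields("us-east-1", arn, "https://kms.us-east-1.amazonaws.com"))
    print(check_ekms_fields("us-west-2", arn, "http://kms.us-west-2.amazonaws.com"))
    print(json.dumps(least_privilege_policy(arn), indent=2))
```

Attaching a policy of this shape to the credentialed AWS user keeps the access key stored in the form from being usable against any other KMS key in the account.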

    Result

    The external key definition is configured.

    What to do next

    Next steps: