Configure Customer-supplied keys for Field Encryption Enterprise

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • Bring your own data encryption key to the platform instead of using the one that ServiceNow generates.

    Before you begin

    Role required: sn_kmf.admin or sn_kmf.cryptographic_manager

    About this task

    If you're using Field Encryption Enterprise, you can bring your own data encryption key to the platform rather than using one generated by ServiceNow.

    You must have a symmetric key that has been generated outside of ServiceNow. The examples in this document rely on OpenSSL. For more information on OpenSSL, see details at https://www.openssl.org. If you are using other cryptographic tools, such as LibreSSL or GnuTLS, refer to the documentation for those products for similar steps.

    Procedure

    1. In a command line on your machine (example: Terminal), run the following command: openssl rand 32 > mykey.bin.
      Note:
      When using a 128-bit key, run openssl rand 16 > mykey.bin instead of 32.
      Save the mykey.bin file, which will be used in the following steps.
    2. On your instance, navigate to All > System Security > Field Encryption > Field Encryption Settings.
    3. Change the Key Source field from ServiceNow Generated Keys to Customer Supplied Keys.
    4. Select Submit.
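
Step 1 as a guarded shell function: this is an added example, not ServiceNow's own code. It creates the key file with owner-only permissions, refuses to overwrite an existing file, and checks the byte count. The function name gen_key and the /dev/urandom fallback when openssl is not on the PATH are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the ServiceNow documentation).
# gen_key BITS FILE  -> writes BITS/8 random bytes to FILE with mode 0600.
# Usage: gen_key 256 mykey.bin
gen_key() {
    bits=$1
    out=$2
    # The page documents 32-byte (256-bit) and 16-byte (128-bit) keys.
    case "$bits" in
        128|256) nbytes=$((bits / 8)) ;;
        *) echo "key size must be 128 or 256 bits" >&2; return 2 ;;
    esac
    # Refuse to overwrite, so a key file that is already in use
    # is never silently replaced by a new random value.
    if [ -e "$out" ]; then
        echo "$out already exists, refusing to overwrite" >&2
        return 3
    fi
    (
        umask 077   # create the file readable and writable by the owner only
        if command -v openssl >/dev/null 2>&1; then
            openssl rand "$nbytes" > "$out"
        else
            # Assumption: fallback for hosts without openssl
            head -c "$nbytes" /dev/urandom > "$out"
        fi
    ) || { rm -f "$out"; return 1; }
    # Verify the length: a short write would yield the wrong key size.
    actual=$(wc -c < "$out" | tr -d ' ')
    if [ "$actual" -ne "$nbytes" ]; then
        echo "expected $nbytes bytes, got $actual" >&2
        rm -f "$out"
        return 1
    fi
    echo "$out: $actual bytes ($bits-bit key)"
}
```

Keep the resulting mykey.bin off shared or synced directories until it has been wrapped and uploaded in the follow-up tasks.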

    What to do next

    Use the symmetric key you've created on your instance by following these steps:

    1. Configure properties for customer-supplied key
    2. Wrap your customer-supplied key
    3. Upload your customer-supplied key