Create a cryptographic module with external key wrapping

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes

  Create a cryptographic module that uses external Amazon Web Services Key Management System (AWS KMS) key wrapping to encrypt ServiceNow data.

    Before you begin

    Roles required: admin, security_admin, and sn_kmf.cryptographic_manager

    Confirm that you have:

    About this task

    A cryptographic module with external key wrapping generates encryption keys that are wrapped (encrypted) by your AWS KMS key instead of ServiceNow's internal key management. ServiceNow can't decrypt your data without access to your external AWS key.

    Procedure

    1. Navigate to All > System Security > Field Encryption Modules.
    2. Select New.
    3. Enter a name for the module in the Name field.
    4. Select the External wrap key check box.
      Important:
      If Externally Wrap Key isn't selected, the module uses internal key wrapping, which doesn't use your AWS KMS key.
    5. In the External KMS Configuration field, enter or use the search function to select your EKMS configuration.
    6. Select Submit to save the cryptographic module.

    Result

    The cryptographic module is created and ready to be used for encrypting field data. The encryption key is wrapped by your AWS KMS key, establishing external key management.

    When you enable external key wrapping, all keys for this module are automatically rewrapped with your External Key Encryption Key (EKEK). This protects them with your EKMS key. Both existing keys and future keys you create will be externally wrapped.
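
The wrapping and rewrapping behavior described above can be modeled locally. This is an added example, not ServiceNow or AWS code: AES-256-GCM stands in for both the module key and the wrap operation, and `internalKek`, `externalKek`, `moduleKey` and the helper functions are hypothetical names. With AWS KMS the external key stays inside KMS and is never held as local bytes.

```javascript
// Added illustration: a local model of key wrapping. No ServiceNow or AWS API is called.
const nodeCrypto = require('node:crypto');

// Authenticated encryption; output layout is iv (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Throws if the key is wrong or the blob was modified.
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Hypothetical stand-ins for the two key-encryption keys.
const internalKek = nodeCrypto.randomBytes(32); // provider-held wrap key
const externalKek = nodeCrypto.randomBytes(32); // customer-held key (the EKEK role)

// A module key that existed before external wrapping was enabled,
// and a constructed field value encrypted under it.
const moduleKey = nodeCrypto.randomBytes(32);
const fieldCiphertext = seal(moduleKey, Buffer.from('constructed field value'));
let wrappedModuleKey = seal(internalKek, moduleKey);

// Rewrap: unwrap with the old KEK, wrap with the new one. Field data is not re-encrypted.
function rewrap(wrapped, oldKek, newKek) {
  return seal(newKek, unseal(oldKek, wrapped));
}

// Reading a field needs the KEK first (to recover the module key), then the module key.
function readField(kek, wrapped, ciphertext) {
  return unseal(unseal(kek, wrapped), ciphertext).toString();
}

function canRead(kek, wrapped, ciphertext) {
  try { readField(kek, wrapped, ciphertext); return true; } catch { return false; }
}

wrappedModuleKey = rewrap(wrappedModuleKey, internalKek, externalKek);
console.log(readField(externalKek, wrappedModuleKey, fieldCiphertext));
console.log(canRead(internalKek, wrappedModuleKey, fieldCiphertext)); // internal key no longer unwraps
```

After the rewrap, only the holder of the external key can recover the module key, which is why losing or disabling that key makes the encrypted fields unreadable.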

    What to do next

    Next steps: