Configure field encryption settings to select key type

Release version: Australia

Updated March 12, 2026

1 minute to read

Configure your field encryption settings to use ServiceNow supplied keys or your own customer-supplied keys (CSK) for encryption on the ServiceNow AI Platform.

Before you begin

Customer-supplied keys are only supported with Field Encryption Enterprise.

Role required: sn_kmf.cryptographic_manager and security_admin

Procedure

Navigate to All > System Security > Field Encryption Settings.
From the Field Encryption Settings, select either ServiceNow Generated Keys or Customer Supplied Keys from the Key Source list.

Figure 1. Key source selection

This option changes the com.glide.encryption.cle_kmf.key_source property to either ServiceNow Generated Keys or Customer Supplied Keys.
Select Save.

What to do next

If you’re using your own customer-supplied keys, see Using customer-supplied keys with Field Encryption Enterprise.
If you’re using ServiceNow supplied keys, start creating your cryptographic module. See Create a cryptographic module.