View declined cryptographic module usage requests

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • View cryptographic modules that rejected encryption requests made by scripts because of unsupported encryption mechanisms.

    Before you begin

    Role required: sn_kmf.cryptographic_manager

    About this task

    Cryptographic modules can support one or more encryption purposes, such as Asymmetric Data Decryption and Symmetric Data Decryption. Encrypted data can only be accessed based on the module access policy. If a script tries to use a cryptographic module for a purpose not defined in the module, the script cannot access to the encrypted data.

    In the following example, a cryptographic purpose was assigned to a cryptographic module, but a key was never generated for it.

    Procedure

    Navigate to All > Key Management > Module Key Policies > Module Key Rejections.

    A list of cryptographic modules that rejected requests displays along with the encryption key used in the corresponding script.

    Figure 1. Module Key Rejections
    Crypto modules that rejected requests.
    Note:
    If a different script attempts to use the same cryptographic module using the same key type, the value for Last enforced updates. Another row does not generate.

    In this example, at 2020-02-10_15:55:17, the first module rejected a request because module1's key is compromised. At 2020-02-10_07:24:05, the second module rejected a request because the second module's key is suspended.

    To grant scripts permission to use the encryption module the next time they run, create a module access policy for script encryption. For more information, refer to Configure script access to encrypted data.