Configure an external key definition

  • Release version: Australia
  • Updated Mar 12, 2026
  • 1 min read
  • Configure your external encryption key to use in External Key Management Service (EKMS).

    Before you begin

    Roles required: admin, security_admin, and sn_kmf.cryptographic_manager

    Note:
    To configure EKMS, verify that you have an enabled key with your external key management provider and the configured user has the necessary permissions to use the key.
    The user must have permissions to run the following AWS KMS API operations:
    • kms:DescribeKey
    • kms:Encrypt
    • kms:Decrypt

    Procedure

    1. Navigate to All > System Security > Field Encryption > EKMS Configurations > New.
    2. On the form, fill in the fields.
      | Field | Description |
      |---|---|
      | Application | Automatically populated with Global. |
      | Cloud KMS Provider | Automatically populated with AWS. |
      | EKMS Integration Name | Choose a name for the key definition. This name is referenced when running scripts. |
      | Key Region | Enter the key region associated with your external key. |
      | External Key Identifier | Enter the Amazon Resource Name (AWS ARN) for your external key. |
      | Primary Region URL | Enter the unique Primary Regional URL that begins with KMS. Example: https://kms.[key region].amazonaws.com. |
      | KMS Credentials Access Key | Enter the key management service (KMS) access key for your credentialed AWS user. |
      | KMS Credentials Secret Key | Enter the secret key for your credentialed AWS user. |
    3. Select Submit.

    Result

    The external key definition is configured.
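
A pre-flight check for the values this form asks for, added here as an example and not ServiceNow or AWS code: it confirms that the Key Region, key ARN and Primary Region URL agree, and that an IAM policy document for the configured user allows the three listed KMS operations on that key and nothing broader. The function name, the sample ARN and the sample policy are constructed; the check assumes the commercial aws partition and action names written in their canonical case.

```python
import re

# The three AWS KMS operations the page says the configured user needs.
REQUIRED_ACTIONS = {"kms:DescribeKey", "kms:Encrypt", "kms:Decrypt"}
# Assumption: key ARN in the commercial "aws" partition (endpoint on amazonaws.com).
ARN_RE = re.compile(r"^arn:aws:kms:([a-z0-9-]+):\d{12}:key/[A-Za-z0-9-]+$")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_ekms_inputs(key_region, key_arn, primary_url, policy):
    """Return a list of problems; an empty list means the inputs are consistent."""
    match = ARN_RE.match(key_arn)
    if not match:
        return ["External Key Identifier is not a KMS key ARN"]
    problems = []
    if match.group(1) != key_region:
        problems.append("Key Region differs from the region in the ARN")
    if primary_url.rstrip("/") != f"https://kms.{key_region}.amazonaws.com":
        problems.append("Primary Region URL is not the KMS endpoint for Key Region")
    granted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a for a in _as_list(stmt.get("Action", []))
                   if a == "*" or a.startswith("kms:")}
        resources = set(_as_list(stmt.get("Resource", [])))
        if stmt.get("Effect") != "Allow" or not actions or not resources & {key_arn, "*"}:
            continue
        if "*" in resources:
            problems.append("KMS actions allowed on Resource '*'; scope to the key ARN")
        if actions & {"*", "kms:*"}:
            problems.append("wildcard action grants more than the three operations")
            actions = set(REQUIRED_ACTIONS)
        granted |= actions
    missing = REQUIRED_ACTIONS - granted
    if missing:
        problems.append("policy is missing: " + ", ".join(sorted(missing)))
    extra = granted - REQUIRED_ACTIONS
    if extra:
        problems.append("policy grants extra KMS actions: " + ", ".join(sorted(extra)))
    return problems


# Constructed sample values (not from the page).
SAMPLE_ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": sorted(REQUIRED_ACTIONS), "Resource": SAMPLE_ARN}]}

if __name__ == "__main__":
    print(check_ekms_inputs("us-east-1", SAMPLE_ARN,
                            "https://kms.us-east-1.amazonaws.com", SAMPLE_POLICY))
```
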

    What to do next

    Next steps: