Configure Field Encryption modules

  • Release version: Yokohama
  • Updated January 29, 2025
  • 1 minute to read

    • Learn how to configure Field Encryption modules.

    Before you begin

    Role required: KMF Admin or KMF Cryptographic Manager

    Procedure

    1. Navigate to All > System Security > Field Encryption > Field Encryption Modules.
    2. Select New
    3. In the Module form fill out the fields as shown here.
      Field Value
      Module name Chose a name for the module. This name is referenced when running scripts.
      Crypto Spec Template Automatically populated with Default template. This template is used to create the cryptographic module that contains mappings of many cryptographic purposes to cryptographic specifications and recommended algorithms.
      Application The application scope for this module. This field is automatically populated with the current application.
      Name This name automatically generated. It is the module name prepended with the application scope name to avoid conflict with other scoped applications. For example, if you create a module with the name my_crypto_module in the global application scope, the name is saved as global.my_crypto_module.
      Crypto Module Lifecycle State The term “lifecycle” refers to the creation, use, and deactivation of a cryptographic module. Set this value to Draft initially during configuration. Set it to Published for active use.
      Note:
      The Default template is automatically set to Published.
      Parent Crypto Module For Field Encryption, ensure this value is set to column_level_encryption.
    4. Select Submit.

    What to do next

    Configure the purpose, algorithm, key length, mode, and origin of your encryption key in Cryptographic specifications for Field Encryption.