Configure Customer-supplied keys for Field Encryption Enterprise

  • Release version: Australia
  • Updated Mar 12, 2026
  • 1 min. read
  • Bring your own data encryption key to the platform instead of using the one that ServiceNow generates.

    Before you begin

    Role required: sn_kmf.admin or sn_kmf.cryptographic_manager

    About this task

    If you're using Field Encryption Enterprise, you can bring your own data encryption key to the platform rather than using one generated by ServiceNow.

    You must have a symmetric key that has been generated outside of ServiceNow. The examples in this document rely on OpenSSL. For more information on OpenSSL, see details at https://www.openssl.org. If you are using other cryptographic tools, such as LibreSSL or GnuTLS, refer to the documentation for those products for similar steps.

    Procedure

    1. In a command line on your machine (example: Terminal), run the following command: openssl rand 32 > mykey.bin
      Note:
      When using a 128-bit key, run openssl rand 16 > mykey.bin instead of 32.
      Save the mykey.bin file, which will be used in the following steps.
    2. On your instance, navigate to All > System Security > Field Encryption > Field Encryption Settings.
    3. Change the Key Source field from ServiceNow Generated Keys to Customer Supplied Keys.
    4. Select Submit.
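
A scripted variant of step 1, added here as an example and not part of ServiceNow's documentation: it creates the key file with owner-only permissions and checks that it holds exactly 16 or 32 raw bytes before you go on to wrap and upload it. The helper names gen_dek and check_dek are hypothetical, and openssl rand -out is used in place of the shell redirect.

```shell
#!/bin/sh
# Added example, not ServiceNow code. gen_dek and check_dek are hypothetical names.

# gen_dek BITS FILE: write a random raw key of BITS (128 or 256) to FILE.
gen_dek() {
    bits=$1
    file=$2
    case "$bits" in
        128) nbytes=16 ;;
        256) nbytes=32 ;;
        *) echo "unsupported key size: $bits" >&2; return 2 ;;
    esac
    # Refuse to clobber a key that may already be in use.
    if [ -e "$file" ]; then
        echo "refusing to overwrite $file" >&2
        return 3
    fi
    # The subshell keeps the tightened umask local; the file is created 0600.
    ( umask 077 && openssl rand -out "$file" "$nbytes" ) || return 1
    check_dek "$bits" "$file"
}

# check_dek BITS FILE: confirm FILE holds exactly BITS/8 raw bytes and is
# not accessible to group or others. A size mismatch usually means the key
# was written hex- or base64-encoded, or picked up a trailing newline.
check_dek() {
    want=$(( $1 / 8 ))
    have=$(wc -c < "$2" | tr -d ' ')
    if [ "$have" -ne "$want" ]; then
        echo "$2: expected $want bytes, found $have" >&2
        return 4
    fi
    # In the ls -l mode string, characters 5-10 are the group/other bits.
    perms=$(ls -l "$2" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$2: group/other access present ($perms)" >&2
        return 5
    fi
    return 0
}
```

Run gen_dek 256 mykey.bin (or gen_dek 128 mykey.bin), and run check_dek again on the file just before wrapping it.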

    What to do next

    Use the symmetric key you've created on your instance by following these steps:

    1. Configure properties for customer-supplied key
    2. Wrap your customer-supplied key
    3. Upload your customer-supplied key