1.0 Introduction
This article describes the steps to configure and integrate Fortanix-Data-Security-Manager Solution as a Service (DSM SaaS) solution with a ServiceNow instance for customer-managed encryption keys.
2.0 Prerequisites
Ensure the following:
An account on Fortanix DSM SaaS.
ServiceNow instance with Database Encryption and Customer-Controlled Switch feature. For more information, refer to the Database Encryption with Customer-Controlled Switch
3.0 Setting up the ServiceNow Instance
Refer to the ServiceNow documentation on how to set up your ServiceNow instance and enable external KMS functionality.
Fortanix DSM SaaS service is globally available in North America, the European Union, the United Kingdom, the Asia Pacific, and Australia regions.
4.0 Configure Fortanix DSM
A Fortanix DSM service must be configured, and the URL must be accessible. To create a Fortanix DSM account and group, refer to the following sections:
4.1 Signing Up
To get started with the Fortanix DSM cloud service, you must register an account at <Your_DSM_Service_URL>. For example, https://eu.smartkey.io.
For detailed steps on how to set up the Fortanix DSM, refer to the User's Guide: Sign Up for Fortanix Data Security Manager SaaS documentation.
4.2 Creating an Account
Access <Your_DSM_Service_URL> in a web browser and enter your credentials to log in to Fortanix DSM.
.png?sv=2022-11-02&spr=https&st=2025-05-29T03%3A59%3A54Z&se=2025-05-29T04%3A12%3A54Z&sr=c&sp=r&sig=RSXTBnTd62H5PkviX1CLDzHSUZ5yj3KfyOgljoBn7mU%3D)
Figure 1: Logging in
For more information on how to set up an account in Fortanix DSM, refer to the User's Guide: Getting Started with Fortanix Data Security Manager - UI.
5.0 Using SaaS Deployment
5.1 Creating a ServiceNow Instance
Perform the following steps to create an instance using the ServiceNow wizard in Fortanix DSM SaaS:
Sign up at https://smartkey.io/ to access DSM SaaS for the AMER region. DSM SaaS supports multiple regions, as listed here.
In the DSM left navigation panel, click the Instances menu item, and then click the select the Cloud Key Management/BYOK check box. Click ADD INSTANCE on the ServiceNow wizard.
.png?sv=2022-11-02&spr=https&st=2025-05-29T03%3A59%3A54Z&se=2025-05-29T04%3A12%3A54Z&sr=c&sp=r&sig=RSXTBnTd62H5PkviX1CLDzHSUZ5yj3KfyOgljoBn7mU%3D)
Figure 2: Add ServiceNow instance
On the Add Instance page, do the following:
Instance Name: Enter a name for your instance.
Key expires after: Specify the duration after which keys created through this instance will expire automatically.
API Gateway: Select the Fortanix-managed API Gateway for secure communication with Fortanix DSM. Support for custom API Gateway configuration will be available in a future release.
Click SAVE.
Figure 3: Add instance
After setup, contact ServiceNow Support at [email protected] and provide the key endpoint in the following format: https://servicenow.fortanix.com/kek/<instance_name>/<key_version>.
The ServiceNow Support team will use this information to enable the Customer Control Switch for your instance.
5.2 ServiceNow Instance Detailed View
Navigate to the Integrations menu item → ServiceNow wizard → ServiceNow instances table.
In the instance detailed view page, the following information is represented:
KEY EXPIRATION DURATION: Displays the time duration after which the keys created through this instance will expire automatically, based on the default or configured policy.
DELETE: To delete the instance, click the overflow menu
(2).png?sv=2022-11-02&spr=https&st=2025-05-29T03%3A59%3A54Z&se=2025-05-29T04%3A12%3A54Z&sr=c&sp=r&sig=RSXTBnTd62H5PkviX1CLDzHSUZ5yj3KfyOgljoBn7mU%3D)
and select the DELETE option. Note that deleting an instance will result in the removal of the app, group, and all security objects associated with the instance, rendering all key material inaccessible.EDIT INSTANCE: To modify the instance details, click the overflow menu
and select the EDIT INSTANCE option. On the Edit instance expiry time window, update the key expiry duration and click SAVE.
Figure 4: ServiceNow instance created
6.0 Disabling the Key (Kill Switch)
In case the key is compromised, perform the following steps to disable the key:
In the Fortanix ServiceNow wizard, change the "Key expires after" field to 0.
After 15 minutes, the ServiceNow database should crash, and you will not be able to access it using the ServiceNow UI.
Raise a ticket with the ServiceNow support team to inform them.
7.0 Enabling the Key (Kill Switch)
Change the "Key expires after" field to a value greater than 0 (recommended value: 2 days).
Raise a ticket with the ServiceNow support team to re-enable the database.