1.0 Introduction
This article describes the steps to create a tokenization secret in Fortanix-Data-Security-Manager (DSM).
2.0 Configure Fortanix DSM
A Fortanix DSM service must be configured, and the URL must be accessible. To create a Fortanix DSM account and group, refer to the following sections:
2.1 Signing Up
To get started with the Fortanix DSM cloud service, you must register an account at <Your_DSM_Service_URL>. For example, https://eu.smartkey.io.
For detailed steps on how to set up the Fortanix DSM, refer to the User's Guide: Sign Up for Fortanix Data Security Manager SaaS documentation.
2.2 Creating an Account
Access <Your_DSM_Service_URL> in a web browser and enter your credentials to log in to Fortanix DSM.
.png?sv=2022-11-02&spr=https&st=2025-06-01T18%3A25%3A01Z&se=2025-06-01T18%3A38%3A01Z&sr=c&sp=r&sig=3V4KjiRxh%2FNRmVLZvuKHI5108ASRAZPgFnYzmcUdBKw%3D)
Figure 1: Logging in
For more information on how to set up an account in Fortanix DSM, refer to the User's Guide: Getting Started with Fortanix Data Security Manager - UI.
2.3 Creating a Group
Perform the following steps to create a group in the Fortanix DSM:
In the DSM left navigation panel, click the Groups menu item, and then click the + button to create a new group.
Figure 2: Add groups
On the Adding new group page, do the following:
Title: Enter a title for your group.
Description (optional): Enter a short description of the group.
Click SAVE to create the new group.
The new group is added to the Fortanix DSM successfully.
2.4 Creating a Tokenization Secret
Once the group is created, configure any of the policies for the group that are required by your organization, such as the Quorum approval policy, Key undo policy (for sensitive key operations), Cryptographic-policy, and Key custodian policy.
.png?sv=2022-11-02&spr=https&st=2025-06-01T18%3A25%3A01Z&se=2025-06-01T18%3A38%3A01Z&sr=c&sp=r&sig=3V4KjiRxh%2FNRmVLZvuKHI5108ASRAZPgFnYzmcUdBKw%3D)
Figure 3: Configure DSM policy
Perform the following steps to add an app to the Tokenization group:
Go to the detailed view of the group, on the INFO tab, click NEW APP.
On the Adding new app page, do the following:
App name: Enter the name for your application.
ADD DESCRIPTION (optional): Enter a short description of the application.
Authentication method: Select the default API Key as the authentication method from the drop down menu. For more information on these authentication methods, refer to the User's Guide: Authentication.
Click SAVE to add the new app.

Figure 4: Add application
Perform the following steps to add a security object to the Tokenization group:
In the DSM left navigation panel, click the Security Objects menu item, and then click the + button to create a new security object.
On the Add new Security Object page, do the following:
Security Object Name: Enter a name for your security object.
Select the GENERATE radio button.
In the Choose a type section, select the Tokenization key type.
In the Key Size section, select the required key size from the drop down menu.
In the Data type section, select the required type of key.
For example,
Email Address
Figure 5: Tokenize email address
Employer Identification Number (USA)
Figure 6: Tokenize employer identification number (USA)
Military Officers Service Number (USA)
Figure 7: Tokenize military officers service number (USA)
Alphanumeric
Figure 8: Tokenize alphanumeric characters
In the Key operations permitted section, select the required operations to define the actions that can be performed with the cryptographic keys.
Click GENERATE to add the new security object.

Figure 9: Create a tokenization secret
You now have the Unique Identifier (UUID) of the tokenization security object. The application uses this UUID to reference the secret and perform tokenization operations.

Figure 10: Key UUID to perform tokenization operations