1.0 Introduction
This document describes the steps to create a tokenization secret in Fortanix-Data-Security-Manager (DSM).
2.0 Configure Fortanix DSM
A Fortanix DSM service must be configured, and the URL must be accessible. To create a Fortanix DSM account and group, refer to the following sections:
2.1 Signing Up
To get started with the Fortanix Data Security Manager (DSM) cloud service, you must register an account at <Your_DSM_Service_URL>. For example, https://eu.smartkey.io.
For detailed steps on how to set up the Fortanix DSM, refer to the User's Guide: Sign Up for Fortanix Data Security Manager SaaS documentation.
2.2 Creating an Account
Access the <Your_DSM_Service_URL> on the web browser and enter your credentials to log in to the Fortanix DSM.

Figure 1: Logging In
2.3 Creating a Group
Perform the following steps to create a group in the Fortanix DSM:
Click the Groups menu item in the DSM left navigation bar and click the + button on the Groups page to add a new group.
Figure 2: Add Groups
On the Adding new group page, enter the following details:
Title: Enter a title for your group.
Description (optional): Enter a short description for the group.
Click the SAVE button to create the new group.
The new group has been added to the Fortanix DSM successfully.
2.4 Creating a Tokenization Secret
Once the group is created, configure any of the policies for the group that are required by your organization, such as the Quorum approval policy, Key undo policy (for sensitive key operations), Cryptographic-policy, and Key custodian policy.

Figure 3: Configure DSM Policy
Add a new “Tokenization App” to the Group.
Give it a name and select the API Interface (in the following example, the Rest API is used).
Select the Authentication mechanism to be used by the application (in the example below the API Key is used).
Figure 4: Create a Tokenization App
Figure 5: Select API Interface and Authentication Mechanism
Create a Tokenization Secret in the same group created in Section 2.3: Creating a Group.
Figure 6: Create Tokenization Secret in the Same Group
Figure 7: Create a Tokenization Secret
In the Add New Security-object form,
Select GENERATE to generate a tokenization secret.
In the Choose a type section, select the key type as “Tokenization”.
Figure 8: Generate a Tokenization Object
Select the Data type to be tokenized.
Email Address
Figure 9: Tokenize Email Address
Numbers
Figure 10: Tokenize Custom Numbers
Alphanumeric
Figure 11: Tokenize Alphanumeric Characters
Enter the key size and select the key operations.
Click GENERATE to generate the key.
Figure 12: Key Size and Key Operations
You now have the Unique Identifier (UUID) of the Secret to be used by the Application to reference the Tokenization Secret and perform the tokenization operations.
Figure 13: Key UUID to Perform Tokenization Operations