Using Fortanix Data Security Manager to Create Tokenization Secret

1.0 Introduction

This document describes the steps to create a tokenization secret in Fortanix Data Security Manager (DSM).

2.0 Configure Fortanix DSM

A Fortanix DSM service must be configured, and the URL must be accessible. To create a Fortanix DSM account and group, refer to the following sections:

2.1 Signing Up

To get started with the Fortanix Data Security Manager (DSM) cloud service, you must register an account at <Your_DSM_Service_URL>, for example, https://eu.smartkey.io.

For detailed steps on how to set up the Fortanix DSM, refer to the User's Guide: Sign Up for Fortanix Data Security Manager SaaS documentation.

2.2 Creating an Account

Open <Your_DSM_Service_URL> in a web browser and enter your credentials to log in to Fortanix DSM.

Figure 1: Logging In

2.3 Creating a Group

Perform the following steps to create a group in the Fortanix DSM:

  1. Click the Groups menu item in the DSM left navigation bar and click the + button on the Groups page to add a new group.

    Figure 2: Add Groups

  2. On the Adding new group page, enter the following details:

    • Title: Enter a title for your group.

    • Description (optional): Enter a short description for the group.

  3. Click the SAVE button to create the new group.

The new group has been added to the Fortanix DSM successfully.

2.4 Creating a Tokenization Secret

Once the group is created, configure any policies your organization requires for the group, such as the Quorum approval policy, Key undo policy (for sensitive key operations), Cryptographic policy, and Key custodian policy.

Figure 3: Configure DSM Policy

  1. Add a new “Tokenization App” to the Group.

    1. Give it a name and select the API Interface (in the following example, the REST API is used).

    2. Select the Authentication mechanism to be used by the application (in the example below, the API Key is used).

      Figure 4: Create a Tokenization App

      Figure 5: Select API Interface and Authentication Mechanism

  2. Create a Tokenization Secret in the same group created in Section 2.3: Creating a Group.

    Figure 6: Create Tokenization Secret in the Same Group

    Figure 7: Create a Tokenization Secret

  3. In the Add New Security Object form:

    1. Select GENERATE to generate a tokenization secret.

    2. In the Choose a type section, select the key type as “Tokenization”.

      Figure 8: Generate a Tokenization Object

    3. Select the Data type to be tokenized.

      • Email Address

        Figure 9: Tokenize Email Address

      • Numbers

        Figure 10: Tokenize Custom Numbers

      • Alphanumeric

        Figure 11: Tokenize Alphanumeric Characters

    4. Enter the key size and select the key operations.

  4. Click GENERATE to generate the key.

    Figure 12: Key Size and Key Operations

    You now have the Unique Identifier (UUID) of the secret, which the application uses to reference the tokenization secret and perform tokenization operations.

    Figure 13: Key UUID to Perform Tokenization Operations