Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • Madrid
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Encrypt Unencrypted Attachments with Script

Log in to subscribe to topics and get notified when content changes.

Encrypt Unencrypted Attachments with Script

The following sample script encrypts unencrypted attachments, such as in the incident table.

bulkEncryption();
 
  function bulkEncryption() {
	gs.log("*********** BULK ENCRYPTION RUN BY " + gs.getUserName());
	encryptAttachments("incident", "testContext");
	gs.log("*********** BULK ENCRYPTION COMPLETED");
  }
 
  // Note that whomever runs this script must have access to use the specified encryption context or nothing will happen when 
  // "changeEncryptionContext" is called except that a warning will appear in the log: WARNING *** WARNING *** Attempt to get 
  // cipher for encryption context 'contextName' without authorization
  function encryptAttachments(table, encryptionContextName) {
	var contextGR = new GlideRecord("sys_encryption_context");
	contextGR.addQuery("name", encryptionContextName);
	contextGR.query();
	if (!contextGR.next()) {
		gs.log("*********** No such encryption context " + encryptionContextName);
		return 0;
	}
 
	var encryptionId = contextGR.getUniqueValue();
 
	gs.log("*********** BEGIN ENCRYPTING ATTACHMENTS FOR " + table + " TABLE");
	var attachmentGR = new GlideRecord("sys_attachment");
	attachmentGR.addQuery("table_name", table); // only attachments for the specified table
	attachmentGR.addNullQuery("encryption_context"); // only attachments not yet encrypted
	attachmentGR.query();
	var count = 0;
	while (attachmentGR.next()) {
		var sysAttachment = new GlideSysAttachment();
		sysAttachment.changeEncryptionContext(attachmentGR.getValue("table_name"), attachmentGR.getValue("table_sys_id"), 
			attachmentGR.sys_id, encryptionId);
		gs.log("*********** ENCRYPTED [" + attachmentGR.sys_id + "] " + attachmentGR.getValue("file_name"));
		count++;
	}
	gs.log("*********** ENCRYPTED " + count + " ATTACHMENTS FOR " + table + " TABLE");
	return count;
  }

To write a script changing the encryption context from one context to another, access to both contexts is required.

Feedback