Encryption rules

You may need to write encryption rules to encrypt data passed as part of GET and POST requests to processors or APIs on the instance. You can create rules that map elements of fields in requests to Glide table-field names.

Edge Encryption uses encryption rules executed on the proxy to map fields in an HTTP request to fields in a table. Each encryption rule is composed of a condition and an action. The condition identifies the type of request, and the action performs the mapping from fields in the request to fields in a table.

A set of encryption rules is installed as part of the Edge Encryption plugin. These rules handle the core platform use cases, such as editing a field from the list edit form and updating a record from the record form, direct web services, or the REST API. Applications created using standard forms and lists should work without custom encryption rules.

If you develop scripted processors, scripted web services, scripted REST APIs, UIs, or Ajax scripts that contain data that must be encrypted, you must write encryption rules to find and map the data to Glide table-field names.

You must have the security-admin role to create a rule. The script is checked for compliance with JavaScript syntax before the rule is saved.

Except for attachment requests, each HTTP request goes through the process of executing the encryption rule conditions until either all conditions return false, or one condition returns true. When a condition returns true, the action part of the rule is run, and the result is forwarded to the instance. No other conditions are evaluated. As a result, encryption rule conditions must be as specific as possible to avoid inadvertently satisfying the condition. If a generic condition for a rule is unavoidable, the rule should be marked with a high order value so that more specific rules are evaluated first.
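
The following added example is a plain-JavaScript model of the first-match evaluation described above; it is not ServiceNow code and does not use the Edge Encryption API. The rule shape, paths, order values, and field names are constructed for illustration, and it shows how a generic condition with a low order value leaves a sensitive field unmapped.

```javascript
// Model of first-match rule evaluation. Not the Edge Encryption API:
// rule objects, paths and field names are constructed for illustration.

// Evaluate rules in ascending order; stop at the first true condition.
function evaluateRules(rules, req) {
  const ordered = [...rules].sort((a, b) => a.order - b.order);
  for (const rule of ordered) {
    if (rule.condition(req)) {
      return { matched: rule.name, mapping: rule.action(req) };
    }
  }
  return { matched: null, mapping: {} };
}

// Rules whose condition is also true for req but that never run,
// because another rule matched first.
function shadowedRules(rules, req) {
  const winner = evaluateRules(rules, req).matched;
  return rules.filter(r => r.name !== winner && r.condition(req)).map(r => r.name);
}

// Build a rule set in which only the generic rule's order value varies.
function buildRules(genericOrder) {
  return [
    {
      name: 'generic-api-post',
      order: genericOrder,
      condition: req => req.method === 'POST' && req.path.startsWith('/api/'),
      action: req => ('short_description' in req.params
        ? { short_description: 'incident.short_description' } : {}),
    },
    {
      name: 'patient-api-post',
      order: 200,
      condition: req => req.method === 'POST' && req.path === '/api/x_demo/patient',
      action: () => ({ ssn: 'x_demo_patient.ssn' }),
    },
  ];
}

// Constructed sample request carrying a field that must be encrypted.
const sampleRequest = {
  method: 'POST',
  path: '/api/x_demo/patient',
  params: { ssn: '000-00-0000', name: 'Test User' },
};

console.log(evaluateRules(buildRules(100), sampleRequest)); // generic rule wins
console.log(evaluateRules(buildRules(900), sampleRequest)); // specific rule wins
```

Running `shadowedRules` over a set of representative requests before saving a new rule shows which existing rules it would prevent from running.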

Encryption rules are written using a combination of JavaScript and the Edge Encryption API that lets you easily iterate through post parameters, and JSON and XML content in the request body. The API uses expressions similar to XPath to navigate through both JSON and XML content.

The API uses stream parsing to parse JSON and XML data, so operations on the data in the action part of an encryption rule should process the data in one pass. Trying to fetch and parse the content of the request body multiple times may lead to unexpected results.

When creating encryption rules, you cannot use Glide APIs, script includes, business rules, or any global parameters such as current. Because the rules are created for HTTP POST and HTTP GET objects, a global request variable is available.

When creating encryption rules, you cannot use APIs from the white list manager or scoped applications.