Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Run mass encryption or decryption

Run mass encryption or decryption

Mass encryption is only available when an encrypted field configuration uses the single encryption context method. Mass decryption is available for both the single and multiple encryption context methods. Before deleting an encrypted field configuration, run a mass decryption to decrypt previously encrypted values.

Before you begin

Role required: security_admin

About this task

Mass encryption and decryption depend on the encryption contexts available to the user performing the operation.

Encryption method Available actions
If the field uses the single encryption context method You must have access to the encryption context defined in the encrypted field configuration record. If you do not have access to the encryption context, the related links in the encrypted field configuration do not display.
If the field uses the multiple encryption contexts method During mass decryption, only records encrypted with encryption contexts you have access to are decrypted. If running a mass decryption before deleting an encrypted field configuration, make sure to decrypt all records. This may require multiple security_admin users with access to different contexts or a single security_admin user with access to all relevant encryption contexts to run a mass decryption on a field.
Note: It is advised to only run mass encryption and decryption during non-peak hours as the operations are resource and time intensive.

Procedure

  1. Navigate to System Security > Field Encryption > Encrypted Field Configurations.
  2. Open the encrypted field configuration for the field you would like to mass encrypt or decrypt.
  3. Under Related Links, select an available option.
    • Run mass decryption
    • Run mass encryption
      Note: Mass encryption is only available if the encryption method is Single Encryption Context.
  4. Confirm your selection in the dialog.

Result

If running a mass encryption, all values are encrypted with the encryption context defined in the encrypted field configuration record. If running a mass decryption, only fields encrypted with an encryption context you have access to are decrypted.