Setup encryption contexts

Administrators can create an encryption context that uses an encryption key.

Before you begin

Role required: security_admin

About this task

Your instance can generate an encryption key, or you can specify your own key with a certificate authority. See your certificate authority documentation for information on creating an encryption key.

Procedure

  1. Navigate to System Security > Field Encryption > Encryption Contexts.
  2. Click New.
  3. Complete the form.
    Field: Description
    Name: Name of the encryption context.
    Encryption key: Key used to encrypt the data. Leave this field blank to randomly generate a key. Based on the desired type of encryption, enter the exact number of characters:
      • 24 characters for 3-key Triple DES
      • 16 characters for AES 128-bit
      • 32 characters for AES 256-bit (requires system configuration)
      Warning: You cannot retrieve this key from the instance. If you need access to the key, save it elsewhere before clicking Submit.
    Type: Type of encryption used to encrypt your data:
      • AES 128-bit: Advanced Encryption Standard
      • Triple DES: 3-key Triple Data Encryption Standard
      • AES 256-bit: Advanced Encryption Standard using 256-bit encryption (requires system configuration)
  4. Click Submit.

    The encryption key is encrypted with a key stored in the program, not in the database. This practice prevents other users from copying the key and using it to decrypt data.

  5. Navigate to System Security > Roles and open the role record to associate with the encryption context, or create a new role.
  6. Right-click the form header and select Configure > Form Layout, then add the Encryption context field to the Roles form.
  7. Select the encryption context to associate with the role (there can be only one encryption context per role).
  8. Click Update.

    Users must log out of the instance and log in again to use the encryption context.
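
The following Python helper is an added example, not ServiceNow code. It generates a key with the exact character count that the Encryption key field in step 3 requires, checks a key before it is entered, and reports the entropy ceiling of a key typed as characters. The alphanumeric alphabet, the one-byte-per-character mapping, and all function names are assumptions.

```python
import math
import secrets
import string

# Character counts taken from the Encryption key field description in step 3.
KEY_LENGTHS = {"Triple DES": 24, "AES 128-bit": 16, "AES 256-bit": 32}

# Assumption: the form accepts ASCII letters and digits, one byte per character.
ALPHABET = string.ascii_letters + string.digits


def generate_key(enc_type, alphabet=ALPHABET):
    """Return a CSPRNG-generated key with the exact length for enc_type."""
    length = KEY_LENGTHS[enc_type]
    return "".join(secrets.choice(alphabet) for _ in range(length))


def check_key(enc_type, key):
    """Return a list of problems with a key that is about to be entered."""
    problems = []
    expected = KEY_LENGTHS[enc_type]
    if len(key) != expected:
        problems.append(f"{len(key)} characters, {enc_type} needs exactly {expected}")
    if len(key.encode("utf-8")) != len(key):
        problems.append("non-ASCII characters: byte length differs from character count")
    if key != key.strip():
        problems.append("leading or trailing whitespace, often a copy/paste artifact")
    return problems


def entropy_bits(enc_type, alphabet=ALPHABET):
    """Upper bound on key entropy when each character is drawn uniformly."""
    return KEY_LENGTHS[enc_type] * math.log2(len(set(alphabet)))


if __name__ == "__main__":
    for enc_type in KEY_LENGTHS:
        key = generate_key(enc_type)
        assert check_key(enc_type, key) == []
        # Store `key` in your secrets manager here, before clicking Submit:
        # the instance will not show it again. The key itself is never printed.
        print(f"{enc_type}: {len(key)} chars, at most {entropy_bits(enc_type):.0f} bits")
```

A 16-character alphanumeric key carries at most about 95 bits of entropy, which is below the 128-bit size of the cipher key. Leaving the field blank lets the instance generate the key instead.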