Product documentation Docs
    • English
    • Deutsch
    • 日本語
    • 한국어
    • Français
  • More Sites
    • Now Community
    • Developer Site
    • Knowledge Base
    • Product Information
    • ServiceNow.com
    • Training
    • Customer Success Center
    • ServiceNow Support Videos
  • Log in

Product documentation

  • Home
How search works:
  • Punctuation and capital letters are ignored
  • Special characters like underscores (_) are removed
  • Known synonyms are applied
  • The most relevant topics (based on weighting and matching to search terms) are listed first in search results
Topics are ranked in search results by how closely they match your search terms
  • A match on the entire phrase you typed
  • A match on part of the phrase you typed
  • A match on ALL of the terms in the phrase you typed
  • A match on ANY of the terms in the phrase you typed

Note: Matches in titles are always highly ranked.

  • Release version
    Table of Contents
    • Now Platform administration
Table of Contents
Choose your release version
    Home New York Now Platform Administration Now Platform administration Platform security Encryption Encryption Support Set up encryption contexts

    Set up encryption contexts

    • Save as PDF Selected topic Topic & subtopics All topics in contents
    • Unsubscribe Log in to subscribe to topics and get notified when content changes.
    • Share this page

    Set up encryption contexts

    Create an encryption context that uses an encryption key. Only users who have a role associated with the encryption context can view the data encrypted with that encryption context.

    Before you begin

    Role required: security_admin

    About this task

    Your instance can generate an encryption key, or you can specify your own key with a certificate authority. See your certificate authority documentation for information on creating an encryption key.
    Starting with the London release, the Now Platform no longer supports creating new Triple DES keys for an Encryption Context, but continues to support previously-created Triple DES keys. Previously-created Triple DES keys are listed in the Encryption Contexts with a Type of 3DES.
    Encryption contexts: Previously-created Triple DES key

    Procedure

    1. Navigate to System Security > Field Encryption > Encryption Contexts.
      Note: Complete the setup in Activate the Encryption Support plugin to perform these steps.
    2. Click New.
    3. Complete the form.
      Field Description
      Name Name of the encryption context.
      Encryption key Key used to encrypt the data. Leave this field blank to randomly generate a key. Based on the desired type of encryption, enter the exact number of characters:
      • 16 characters for AES 128-bit
      • 32 characters for AES 256-bit
      Warning: You cannot retrieve this key from the instance. If you need access to the key, save it elsewhere before clicking Submit.
      Type Type of encryption used to encrypt your data:
      • AES 128-bit: Advanced Encryption Standard
      • AES 256-bit: Advanced Encryption Standard using 256-bit encryption
    4. Click Submit.

      The newly-created encryption key is encrypted with a key the system maintains. This key is not stored in the database. This practice prevents other users from copying the key and using it to decrypt data.

    5. Navigate to System Security > Roles and open the role record to associate with the encryption context, or create a new role.
    6. Right-click the form header and select Configure > Form Layout to configure the Roles form to add the Encryption context field.
    7. Select the encryption context to associate with the role (there can be only one encryption context per role).
    8. Click Update.

      You must log out of the instance and log in again to use the encryption context.

    • Add an encryption context selector

      Add an encryption context selector to the welcome banner to enable users with multiple encryption contexts to select a context when entering data.

    • Add an Encrypted Text field to a table

      Add an Encrypted Text field to a table to create a new encrypted field. Alternatively, you can encrypt existing String, Date, Date/Time, or URL fields by changing the field type to Encrypted Text. Encrypted Text fields are installed with the Encryption Support plugin.

    • Encrypt an existing field

      Create an encrypted field configuration to encrypt the value of an existing String, Date, Date/Time, or URL field using Encryption Support.

    • Run mass encryption or decryption

      Mass encryption is only available when an encrypted field configuration uses the single encryption context method. Mass decryption is available for both the single and multiple encryption context methods. Before deleting an encrypted field configuration, run a mass decryption to decrypt previously encrypted values.

    • Encrypt an attachment

      You can encrypt attachments when you attach them to records.

    • Encrypt a password in system properties

      The Encrypt SysProperty Password business rule automatically encrypts the value of any system property with the type password or password2.

    Related tasks
    • Activate the Encryption Support plugin
    Related concepts
    • Domain separation in Encryption Support
    • Demonstration plugin

    Tags:

    Feedback
    On this page

    Previous topic

    Next topic

    • Contact Us
    • Careers
    • Terms of Use
    • Privacy Statement
    • Sitemap
    • © ServiceNow. All rights reserved.

    Release version
    Choose your release version

      Set up encryption contexts

      • Save as PDF Selected topic Topic & subtopics All topics in contents
      • Unsubscribe Log in to subscribe to topics and get notified when content changes.
      • Share this page

      Set up encryption contexts

      Create an encryption context that uses an encryption key. Only users who have a role associated with the encryption context can view the data encrypted with that encryption context.

      Before you begin

      Role required: security_admin

      About this task

      Your instance can generate an encryption key, or you can specify your own key with a certificate authority. See your certificate authority documentation for information on creating an encryption key.
      Starting with the London release, the Now Platform no longer supports creating new Triple DES keys for an Encryption Context, but continues to support previously-created Triple DES keys. Previously-created Triple DES keys are listed in the Encryption Contexts with a Type of 3DES.
      Encryption contexts: Previously-created Triple DES key

      Procedure

      1. Navigate to System Security > Field Encryption > Encryption Contexts.
        Note: Complete the setup in Activate the Encryption Support plugin to perform these steps.
      2. Click New.
      3. Complete the form.
        Field Description
        Name Name of the encryption context.
        Encryption key Key used to encrypt the data. Leave this field blank to randomly generate a key. Based on the desired type of encryption, enter the exact number of characters:
        • 16 characters for AES 128-bit
        • 32 characters for AES 256-bit
        Warning: You cannot retrieve this key from the instance. If you need access to the key, save it elsewhere before clicking Submit.
        Type Type of encryption used to encrypt your data:
        • AES 128-bit: Advanced Encryption Standard
        • AES 256-bit: Advanced Encryption Standard using 256-bit encryption
      4. Click Submit.

        The newly-created encryption key is encrypted with a key the system maintains. This key is not stored in the database. This practice prevents other users from copying the key and using it to decrypt data.

      5. Navigate to System Security > Roles and open the role record to associate with the encryption context, or create a new role.
      6. Right-click the form header and select Configure > Form Layout to configure the Roles form to add the Encryption context field.
      7. Select the encryption context to associate with the role (there can be only one encryption context per role).
      8. Click Update.

        You must log out of the instance and log in again to use the encryption context.

      • Add an encryption context selector

        Add an encryption context selector to the welcome banner to enable users with multiple encryption contexts to select a context when entering data.

      • Add an Encrypted Text field to a table

        Add an Encrypted Text field to a table to create a new encrypted field. Alternatively, you can encrypt existing String, Date, Date/Time, or URL fields by changing the field type to Encrypted Text. Encrypted Text fields are installed with the Encryption Support plugin.

      • Encrypt an existing field

        Create an encrypted field configuration to encrypt the value of an existing String, Date, Date/Time, or URL field using Encryption Support.

      • Run mass encryption or decryption

        Mass encryption is only available when an encrypted field configuration uses the single encryption context method. Mass decryption is available for both the single and multiple encryption context methods. Before deleting an encrypted field configuration, run a mass decryption to decrypt previously encrypted values.

      • Encrypt an attachment

        You can encrypt attachments when you attach them to records.

      • Encrypt a password in system properties

        The Encrypt SysProperty Password business rule automatically encrypts the value of any system property with the type password or password2.

      Related tasks
      • Activate the Encryption Support plugin
      Related concepts
      • Domain separation in Encryption Support
      • Demonstration plugin

      Tags:

      Feedback

          Share this page

          Got it! Feel free to add a comment
          To share your product suggestions, visit the Idea Portal.
          Please let us know how to improve this content

          Check any that apply

          To share your product suggestions, visit the Idea Portal.
          Confirm

          We were unable to find "Coaching" in Jakarta. Would you like to search instead?

          No Yes
          • Contact Us
          • Careers
          • Terms of Use
          • Privacy Statement
          • Sitemap
          • © ServiceNow. All rights reserved.

          Subscribe Subscribed Unsubscribe Last updated: Tags: January February March April May June July August September October November December No Results Found Versions Search preferences successfully updated My release version successfully updated My release version successfully deleted An error has occurred. Please try again later. You have been unsubscribed from all topics. You are now subscribed to and will receive notifications if any changes are made to this page. You have been unsubscribed from this content Thank you for your feedback. Form temporarily unavailable. Please try again or contact  docfeedback@servicenow.com  to submit your comments. The topic you requested does not exist in the release. You were redirected to a related topic instead. The available release versions for this topic are listed There is no specific version for this documentation. Explore products Click to go to the page. Release notes and upgrades Click to open the dropdown menu. Delete Remove No selected version Reset This field is required You are already subscribed to this topic Attach screenshot The file you uploaded exceeds the allowed file size of 20MB. Please try again with a smaller file. Please complete the reCAPTCHA step to attach a screenshot
          Log in to personalize your search results and subscribe to topics
          No, thanks Login