Product documentation Docs
    • English
    • Deutsch
    • 日本語
    • 한국어
    • Français
  • More Sites
    • Now Community
    • Developer Site
    • Knowledge Base
    • Product Information
    • ServiceNow.com
    • Training
    • Customer Success Center
    • ServiceNow Support Videos
  • Log in

Product documentation

  • Home
How search works:
  • Punctuation and capital letters are ignored
  • Special characters like underscores (_) are removed
  • Known synonyms are applied
  • The most relevant topics (based on weighting and matching to search terms) are listed first in search results
Topics are ranked in search results by how closely they match your search terms
  • A match on the entire phrase you typed
  • A match on part of the phrase you typed
  • A match on ALL of the terms in the phrase you typed
  • A match on ANY of the terms in the phrase you typed

Note: Matches in titles are always highly ranked.

  • Release version
    Table of Contents
    • Now Platform capabilities
Table of Contents
Choose your release version
    Home Orlando Now Platform Capabilities Now Platform capabilities Edge Encryption Edge Encryption configuration Encrypt fields using encryption configurations

    Encrypt fields using encryption configurations

    • Save as PDF Selected topic Topic & subtopics All topics in contents
    • Unsubscribe Log in to subscribe to topics and get notified when content changes.
    • Share this page

    Encrypt fields using encryption configurations

    Encrypt fields by creating encryption configurations.

    To configure Edge Encryption, you must be connected to the instance through the proxy. Test all changes on a non-production instance before making the changes to the production instance.

    Define encryption keys

    After setting up one or more proxies and configuring a default encryption key, the instance verifies that the keys are available to all proxies. You cannot make an encryption key the default key unless all proxies have the key. Once a default key is defined, you can create encryption configurations.

    Assign fields and attachments to be encrypted

    Assigning fields and attachments to be encrypted means assigning an encryption type to the field or attachment. Before marking a field as encrypted, evaluate these issues.
    • Determine what system features might be impacted.
    • Examine all scripts for use of the field.
    • Make any desired adjustments to the field size. After a field has been configured for encryption, the field size cannot be changed.

    Marking a field to be encrypted expands the field size to store the encrypted data. The process of expanding the field size can take a long time, depending on the number of records in the table.

    Create an encryption configuration

    Select the fields to be encrypted and identify the encryption type.

    Before you begin

    Role required: security_admin

    Procedure

    1. Navigate to Edge Encryption Configuration > Edge Encryption Configurations > Create New.
    2. Complete the form.
      Field Description
      Table The table that contains the field to be encrypted.
      Type Whether to encrypt a table column or attachments for the table. Select Column.
      Column The field to be encrypted. Appears only when the Type is Column.
      Only String, Date, Date/Time, Journal, Journal Input, and URL fields are supported.
      • String and URL fields: You can add an encryption configuration to either a parent table or a child table.
      • Date and Date/Time fields: You can add an encryption configuration to a parent table only. You cannot add a new encryption configuration to a child table.
      Note: Depending on the number of records affected by the Date and Date/Time fields you are encrypting, it may take up to a few minutes to create the encryption configuration. Make sure that you create the encryption configuration for Date and Date/Time fields when transaction volume on the instance is low.
      Encryption type The encryption type to use.
      Note: A specific table and field combination can have only one active configuration at a time.
    3. Click Submit.

    What to do next

    After you add the encryption configuration record, you can create an encryption job to encrypt existing data. If you do not run an encryption job, Edge encrypts the existing data the next time the data changes.

    Deactivate an encryption configuration

    After configuring a field or a table's attachments to be encrypted, you can stop encryption by deactivating the encryption configuration. After deactivating encryption, you can run a Decryption job for fields or an Attachment Decryption job for attachments to remove the encrypted data from the instance.

    Before you begin

    Role required: security_admin

    About this task

    Warning: Deactivating an encryption configuration does not delete the encryption record and the encryption type cannot be changed.

    Procedure

    1. Navigate to Edge Encryption Configuration > Edge Encryption Configurations > All.
      The Edge Encryption Configurations list is shown.
    2. Click on the encryption configuration to be deactivated.
      The Edge Encryption Configuration form is shown.
    3. Click on the Active box.
      The Active box is clear.
    4. Click Update.
      The Edge Encryption Configurations list is shown.

    What to do next

    You can run a Decryption or Attachment Decryption job to decrypt data on the instance. If you do not run a job, the encrypted data is decrypted the next time it is changed.

    Schedule an encryption job

    You can schedule a job to find and encrypt any unencrypted data in a specified field, using the default encryption key configured for the field. If you do not create an encryption job after configuring a field for encryption, only new values are encrypted.

    Before you begin

    Role required: security_admin

    Procedure

    1. Navigate to Edge Encryption Configuration > Encryption Configurations > All.
    2. Click the field that you want to schedule an encryption job for.
    3. Under Related Links, click Schedule Mass Encryption Job.

      The Scheduled Encryption Job form is shown with all fields populated. The bottom of the form shows records for any previous job executions.

    4. Fill in the fields on the form, as appropriate.
      Field Value
      Name Enter a descriptive name.
      Active Clear this check box if you want to deactivate this job.
      Job Type Select Encryption.
      Table Select a table.
      Column Select a column.
      Estimated record count Total estimated number of records to process. Populates after selecting Estimate Record Count.
      Process Historical Records Select to process historical records in the Audit table if the field is audited. When encrypting historical records for a field in the Audit table, both new values and old values are encrypted.

      To learn more about audited fields, see Auditing.

      Estimate Maximum Audit Record Count Estimated maximum number of audited records to process. Populates after selecting Estimate Record Count. This field is only visible when Process Historical Records is selected.
      Note: The estimate may be larger than the actual number of records processed.
      Run Select the period between job executions.
      Starting Enter the date and time to run the job for the first time.
    5. Click the menu icon in the form header and select Save.
    6. To see an estimated count of records to be updated, click Estimate Record Count.
    7. To run the job immediately, click Execute Now.

    Schedule a decryption job

    You can schedule a job to decrypt data in an encrypted field, to store clear data in the instance.

    Before you begin

    Note: You must mark the encryption record for the field as inactive (clear the Active box) in order to run the decryption job.

    Role required: security_admin

    Procedure

    1. Navigate to Edge Encryption Configuration > Encryption Configurations > All.
    2. Click the field that you want to decrypt.
    3. Under Related Links, click Schedule Mass Decryption Job.

      The Scheduled Encryption Job form is shown with all fields populated. The bottom of the form shows records for previous job executions.

    4. Fill in the fields on the form, as appropriate.
      Field Value
      Name Enter a descriptive name.
      Job Type Select Decryption.
      Active Clear this check box if you want to deactivate this job.
      Table Select a table.
      Column Select a column.
      Estimated record count Total estimated number of records to process. Populates after selecting Estimate Record Count.
      Process Historical Records Select to process historical records in the Audit table if the field is audited. When encrypting historical records for a field in the Audit table, both new values and old values are encrypted.

      To learn more about audited fields, see Auditing.

      Estimate Maximum Audit Record Count Estimated maximum number of audited records to process. Populates after selecting Estimate Record Count. This field is only visible when Process Historical Records is selected.
      Note: The estimate may be larger than the actual number of records processed.
      Run Select the period between job executions.
      Starting Enter the date and time to run the job for the first time.
    5. Click the menu icon in the form header and select Save.
    6. To see an estimated count of records to be updated, click Estimate Record Count.
    7. To run the job immediately, click Execute Now.

    Tags:

    Feedback
    On this page

    Previous topic

    Next topic

    • Contact Us
    • Careers
    • Terms of Use
    • Privacy Statement
    • Sitemap
    • © ServiceNow. All rights reserved.

    Release version
    Choose your release version

      Encrypt fields using encryption configurations

      • Save as PDF Selected topic Topic & subtopics All topics in contents
      • Unsubscribe Log in to subscribe to topics and get notified when content changes.
      • Share this page

      Encrypt fields using encryption configurations

      Encrypt fields by creating encryption configurations.

      To configure Edge Encryption, you must be connected to the instance through the proxy. Test all changes on a non-production instance before making the changes to the production instance.

      Define encryption keys

      After setting up one or more proxies and configuring a default encryption key, the instance verifies that the keys are available to all proxies. You cannot make an encryption key the default key unless all proxies have the key. Once a default key is defined, you can create encryption configurations.

      Assign fields and attachments to be encrypted

      Assigning fields and attachments to be encrypted means assigning an encryption type to the field or attachment. Before marking a field as encrypted, evaluate these issues.
      • Determine what system features might be impacted.
      • Examine all scripts for use of the field.
      • Make any desired adjustments to the field size. After a field has been configured for encryption, the field size cannot be changed.

      Marking a field to be encrypted expands the field size to store the encrypted data. The process of expanding the field size can take a long time, depending on the number of records in the table.

      Create an encryption configuration

      Select the fields to be encrypted and identify the encryption type.

      Before you begin

      Role required: security_admin

      Procedure

      1. Navigate to Edge Encryption Configuration > Edge Encryption Configurations > Create New.
      2. Complete the form.
        Field Description
        Table The table that contains the field to be encrypted.
        Type Whether to encrypt a table column or attachments for the table. Select Column.
        Column The field to be encrypted. Appears only when the Type is Column.
        Only String, Date, Date/Time, Journal, Journal Input, and URL fields are supported.
        • String and URL fields: You can add an encryption configuration to either a parent table or a child table.
        • Date and Date/Time fields: You can add an encryption configuration to a parent table only. You cannot add a new encryption configuration to a child table.
        Note: Depending on the number of records affected by the Date and Date/Time fields you are encrypting, it may take up to a few minutes to create the encryption configuration. Make sure that you create the encryption configuration for Date and Date/Time fields when transaction volume on the instance is low.
        Encryption type The encryption type to use.
        Note: A specific table and field combination can have only one active configuration at a time.
      3. Click Submit.

      What to do next

      After you add the encryption configuration record, you can create an encryption job to encrypt existing data. If you do not run an encryption job, Edge encrypts the existing data the next time the data changes.

      Deactivate an encryption configuration

      After configuring a field or a table's attachments to be encrypted, you can stop encryption by deactivating the encryption configuration. After deactivating encryption, you can run a Decryption job for fields or an Attachment Decryption job for attachments to remove the encrypted data from the instance.

      Before you begin

      Role required: security_admin

      About this task

      Warning: Deactivating an encryption configuration does not delete the encryption record and the encryption type cannot be changed.

      Procedure

      1. Navigate to Edge Encryption Configuration > Edge Encryption Configurations > All.
        The Edge Encryption Configurations list is shown.
      2. Click on the encryption configuration to be deactivated.
        The Edge Encryption Configuration form is shown.
      3. Click on the Active box.
        The Active box is clear.
      4. Click Update.
        The Edge Encryption Configurations list is shown.

      What to do next

      You can run a Decryption or Attachment Decryption job to decrypt data on the instance. If you do not run a job, the encrypted data is decrypted the next time it is changed.

      Schedule an encryption job

      You can schedule a job to find and encrypt any unencrypted data in a specified field, using the default encryption key configured for the field. If you do not create an encryption job after configuring a field for encryption, only new values are encrypted.

      Before you begin

      Role required: security_admin

      Procedure

      1. Navigate to Edge Encryption Configuration > Encryption Configurations > All.
      2. Click the field that you want to schedule an encryption job for.
      3. Under Related Links, click Schedule Mass Encryption Job.

        The Scheduled Encryption Job form is shown with all fields populated. The bottom of the form shows records for any previous job executions.

      4. Fill in the fields on the form, as appropriate.
        Field Value
        Name Enter a descriptive name.
        Active Clear this check box if you want to deactivate this job.
        Job Type Select Encryption.
        Table Select a table.
        Column Select a column.
        Estimated record count Total estimated number of records to process. Populates after selecting Estimate Record Count.
        Process Historical Records Select to process historical records in the Audit table if the field is audited. When encrypting historical records for a field in the Audit table, both new values and old values are encrypted.

        To learn more about audited fields, see Auditing.

        Estimate Maximum Audit Record Count Estimated maximum number of audited records to process. Populates after selecting Estimate Record Count. This field is only visible when Process Historical Records is selected.
        Note: The estimate may be larger than the actual number of records processed.
        Run Select the period between job executions.
        Starting Enter the date and time to run the job for the first time.
      5. Click the menu icon in the form header and select Save.
      6. To see an estimated count of records to be updated, click Estimate Record Count.
      7. To run the job immediately, click Execute Now.

      Schedule a decryption job

      You can schedule a job to decrypt data in an encrypted field, to store clear data in the instance.

      Before you begin

      Note: You must mark the encryption record for the field as inactive (clear the Active box) in order to run the decryption job.

      Role required: security_admin

      Procedure

      1. Navigate to Edge Encryption Configuration > Encryption Configurations > All.
      2. Click the field that you want to decrypt.
      3. Under Related Links, click Schedule Mass Decryption Job.

        The Scheduled Encryption Job form is shown with all fields populated. The bottom of the form shows records for previous job executions.

      4. Fill in the fields on the form, as appropriate.
        Field Value
        Name Enter a descriptive name.
        Job Type Select Decryption.
        Active Clear this check box if you want to deactivate this job.
        Table Select a table.
        Column Select a column.
        Estimated record count Total estimated number of records to process. Populates after selecting Estimate Record Count.
        Process Historical Records Select to process historical records in the Audit table if the field is audited. When encrypting historical records for a field in the Audit table, both new values and old values are encrypted.

        To learn more about audited fields, see Auditing.

        Estimate Maximum Audit Record Count Estimated maximum number of audited records to process. Populates after selecting Estimate Record Count. This field is only visible when Process Historical Records is selected.
        Note: The estimate may be larger than the actual number of records processed.
        Run Select the period between job executions.
        Starting Enter the date and time to run the job for the first time.
      5. Click the menu icon in the form header and select Save.
      6. To see an estimated count of records to be updated, click Estimate Record Count.
      7. To run the job immediately, click Execute Now.

      Tags:

      Feedback

          Share this page

          Got it! Feel free to add a comment
          To share your product suggestions, visit the Idea Portal.
          Please let us know how to improve this content

          Check any that apply

          To share your product suggestions, visit the Idea Portal.
          Confirm

          We were unable to find "Coaching" in Jakarta. Would you like to search instead?

          No Yes
          • Contact Us
          • Careers
          • Terms of Use
          • Privacy Statement
          • Sitemap
          • © ServiceNow. All rights reserved.

          Subscribe Subscribed Unsubscribe Last updated: Tags: January February March April May June July August September October November December No Results Found Versions Search preferences successfully updated My release version successfully updated My release version successfully deleted An error has occurred. Please try again later. You have been unsubscribed from all topics. You are now subscribed to and will receive notifications if any changes are made to this page. You have been unsubscribed from this content Thank you for your feedback. Form temporarily unavailable. Please try again or contact  docfeedback@servicenow.com  to submit your comments. The topic you requested does not exist in the release. You were redirected to a related topic instead. The available release versions for this topic are listed There is no specific version for this documentation. Explore products Click to go to the page. Release notes and upgrades Click to open the dropdown menu. Delete Remove No selected version Reset This field is required You are already subscribed to this topic Attach screenshot The file you uploaded exceeds the allowed file size of 20MB. Please try again with a smaller file. Please complete the reCAPTCHA step to attach a screenshot
          Log in to personalize your search results and subscribe to topics
          No, thanks Login