Configure script access to encrypted data
- Updated Jan 30, 2025
- Yokohama
- Now Platform Security
Execute a script to run the cryptographic module policy for a cryptographic purpose. Specific read (decrypt/unwrap) or write (encrypt/wrap) access can be defined based on the operation granularity of the module access policy.
Before you begin
Role required: sn_kmf.cryptographic_manager
About this task
Example uses include Business Rules and Script Includes. This procedure uses a script for Business Rules.
Procedure
- Create a cryptographic module with the symmetric data encryption/decryption algorithm.
  Refer to Create a cryptographic module for details. Specific access to the data or attachment is controlled with a module access policy with the following characteristics:
  - Symmetric encryption: The script is able to encrypt data but unable to decrypt the data.
  - Symmetric decryption: The script is able to decrypt uploaded encrypted data or attachments but unable to encrypt data or attachments.
  - Symmetric encryption and decryption: The script is able to both encrypt and decrypt data or attachments.
- Navigate to System Definition > Business Rules.
- Click New.
- Complete the form on the When to run tab and enter the script on the Advanced tab:

  Table 1. Business Rule fields

  | Field | Description |
  | --- | --- |
  | Name | Enter a name for the business rule. |
  | Table | Select Incident [incident] from the drop-down list. |
  | Application | Global is selected by default. |
  | Active | Mark the rule as Active. |
  | Advanced | Select the check box to display advanced options. |
  | When to run tab | On the When to run tab, enable Insert and Update fields. |
  | Advanced tab | On the Advanced tab, paste the script text shown after this table at line 3. |

  ```javascript
  // Get the cryptographic module that the module access policy will govern.
  var gc = global.GlideCryptoModule.getModule('global.acme_mod');
  var value = 'test';
  // Encrypt the test value, then log the input and the ciphertext.
  var encrypted = gc.encryptData(value);
  gs.info('value: ' + value);
  gs.info('Encrypted: ' + encrypted);
  // Decrypt the ciphertext and confirm that it matches the original value.
  var decrypted = gc.decryptData(encrypted);
  gs.info('Decrypted: ' + decrypted);
  gs.info(decrypted == value);
  ```

  Note: Refer to the "Business Rules Advanced Tab" image for details.
- Click Submit.
- Navigate to Key Management > Module Access Policies > All.
  Note: For additional information, refer to Create a module access policy.
- Click New.
- Complete the form.

  Module Access Policies fields

  | Field | Description |
  | --- | --- |
  | Policy name | Enter a name for the policy. |
  | Crypto module | Click the search icon to select a module with the symmetric data encryption/decryption algorithm. |
  | Type | Select Script to control access by script. |
  | Script Table | Select a value from the script table drop-down list. For this example, select Business Rule [sys_script]. |
  | Target Script | Select the script document for the policy. Select the Table name and then the related document for the policy. For this example, select the Business Rule that you created in previous steps. |
  | Active | Select to activate the policy. |
  | Result | To give the script access to the module, select Track in the Result field. |
- Click Submit.
The Module Access Policy for the script is now available in the system.
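
The following sketch is an added example, not ServiceNow's own code. It generalizes the script from the procedure into a probe that reports which operations the module access policy allows for the calling script, and it logs only the outcome rather than the plaintext or ciphertext. The names probeModuleAccess and makeStubModule are hypothetical, and the probe assumes that a denied operation throws or returns null, which should be confirmed on the instance.

```javascript
// ASSUMPTION: a denied or failed operation throws or returns null/undefined.
// cryptoModule is any object exposing encryptData() and decryptData(), such as
// the object returned by global.GlideCryptoModule.getModule() in the page's script.
// knownCiphertext is optional: supply it to test a decrypt-only policy.
function probeModuleAccess(cryptoModule, sample, knownCiphertext) {
    var result = { encrypt: false, decrypt: false, roundTrip: false, errors: [] };
    var ciphertext = knownCiphertext;
    try {
        var out = cryptoModule.encryptData(sample);
        if (out !== null && out !== undefined) {
            result.encrypt = true;
            ciphertext = out;
        }
    } catch (e) {
        result.errors.push('encrypt: ' + e);
    }
    // Without any ciphertext there is nothing to decrypt.
    if (ciphertext === null || ciphertext === undefined) return result;
    try {
        var plain = cryptoModule.decryptData(ciphertext);
        if (plain !== null && plain !== undefined) {
            result.decrypt = true;
            // String() normalizes platform string objects before comparing.
            result.roundTrip = String(plain) === String(sample);
        }
    } catch (e) {
        result.errors.push('decrypt: ' + e);
    }
    return result;
}

// Constructed stand-in for offline runs only: NOT real encryption and NOT the
// platform API. It mimics a policy that allows only the listed operations.
function makeStubModule(allowed) {
    function check(op) {
        if (allowed.indexOf(op) === -1) throw new Error('access denied: ' + op);
    }
    return {
        encryptData: function (v) { check('encrypt'); return 'stub:' + v.split('').reverse().join(''); },
        decryptData: function (c) { check('decrypt'); return c.slice(5).split('').reverse().join(''); }
    };
}

// On an instance, using the names from the page's script:
//   var gc = global.GlideCryptoModule.getModule('global.acme_mod');
//   gs.info('module access: ' + JSON.stringify(probeModuleAccess(gc, 'probe-value')));
```

The result object shows whether the Business Rule has encrypt access, decrypt access, or both, which matches the three policy characteristics listed in the first step.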