Hello ServiceNow Community,
I am working on the Key Management Framework (KMF) module in ServiceNow and need help with using our own organization-managed key for encryption and decryption instead of the ServiceNow-generated key.
Current Setup
Cryptographic Specification:
∙ Purpose: Symmetric Data Encryption / Decryption
∙ Algorithm: AES-256 GCM
∙ Origin: ServiceNow (auto-generated key)
Requirement
We want to replace the ServiceNow-generated key with our own organization-managed key (BYOK — Bring Your Own Key).
Specifically, we need to know:
1. How to change the Key Origin from ServiceNow to a customer-imported key?
2. How to generate and wrap our own key for import?
3. How to upload the custom key into the KMF module ?
4. Are there any role or configuration prerequisites to be aware of?
Any help, documentation links, or community examples would be greatly appreciated!
Thank you in advance! 🙏
