Column Level Encryption Enterprise (CLEE)

Frederic Rumeau · ‎01-15-2024

Hello everyone,

For my client, I need to upgrade from Edge Encryption to Column Level Encryption Enterprise.
I've read the documentation but I have a lot of questions.

1/ Can we migrate the encyption key from Edge Encryption to CLEE using the scheduled jobs "autoKeyMigration" & "autoDataMigration" for the data? Does this also work for attachments?

Is this good practice, or would it be better to decrypt the data & attachment, stop the Edge proxy and start a new configuration on CLEE?

2/ When you create a cryptographic module with "column level encryption" as parent, the system defaults to the "Symmetric Data Encryption/Decryption" crypto purpose with an "AES 256 CBC" algoritm.
Which algorithm should be selected to sort / filter the encrypted fields under CLEE?

Thank you for your response and support

Best Regard,

Frederic Rumeau
NOW Developer

Maik Skoddow · ‎01-15-2024

Hi @Frederic Rumeau

These are really special questions. Especially the migration from edge proxy to CLEE is a rare case, and it would be better to be consulted by ServiceNow.

Maik

Frederic Rumeau · ‎01-16-2024

Thank you @Maik Skoddow for your answer.

I was expecting a technical answer to my questions 🙄 but as you said, it's a fairly complex subject and I was hoping that some people in the community would be able to answer it.
Thanks again.

Frederic Rumeau
NOW Developer

rehankhangb · ‎10-15-2024

Hi fredic, how to keep cryptographic module with "column level encryption" as parent?
please in detail..