Encryption context not working in transform map.

pratulagarwal
Mega Expert

I am trying to enter some data into an encrypted field and set a particular encryption context.

I am trying to do this in the transform map script. But the setting up of encryption context is not working. I am not sure what I am doing wrong.

The transform is triggered by a SOAP message.

Please find the script below.

function getEncryptionID(encryptionName) { // SPI is the name of the encryption context
    var contextGR = new GlideRecord("sys_encryption_context");
    contextGR.addQuery("name", encryptionName);
    contextGR.query();
    if (!contextGR.next()) {
        gs.log("*********** No such encryption context " + encryptionName);
        return "";
    }
    return contextGR.getUniqueValue(); // sys_id of the matching context
}

var encryptionID = getEncryptionID("SPI");
target.u_encrypted_notes.setContextID(encryptionID);

http://wiki.servicenow.com/index.php?title=Encryption_Scripting


This script is taken from the above wiki article.


Regards

Pratul Agarwal

1 ACCEPTED SOLUTION

Hi Ty,



The setContextID function was not working for me in Eureka, so if the issue is still persisting with the setContextID function then you can use the below lines of code.



GlideSession.get().getEncryptionContext().setCurrent(encryptionID);


target.u_encrypted_notes.setDisplayValue("String");



Regards


Pratul Agarwal



7 REPLIES

David OBrien
Kilo Guru

You aren't able to use encryption without being an interactive user that has the encryption. For example, you could run a script in a business rule before or after update that would work when a user with access to the encryption context saves the record. However, you couldn't do it as an async business rule because that uses impersonation (noted in the article you reference).

There is a way around this to encrypt data by using a remote glide record to update the encrypted data that does allow you to impersonate. There is an update set on ServiceNow Share - Easy Encryption that you can use (Easy Encryption).




Based on that update, I actually just created a script include that I could call to update a single record. You just pass it the record you want to update, which field, and the data to go into that field. Obviously you would need to update the instance, username and password to a user that has the needed encryption context. I would recommend actually using a system property at least for the password so it can remain encrypted and modifying line 9 to be something like:


var password = gs.getProperty('encryption.password');



var secureData = Class.create();
secureData.prototype = {
    initialize: function() {
    },
    setEncryptedFields: function(record, field, data) {
        var table_name = current.getTableName(); // relies on "current" being in scope where this is called
        var instance = 'https://<instancename>.service-now.com';
        var username = 'user';
        var password = 'pass';
        var rgr = new GlideRemoteGlideRecord(instance, table_name);
        rgr.setBasicAuth(username, password);
        rgr.addQuery('sys_id', record); // "record" is the sys_id of the record to update
        rgr.query();
        if (rgr.next()) {
            rgr.setValue(field, data);
            rgr.update();
        }
    },
    type: 'secureData'
};






When I have set this up in the past, I actually had the instance, username and password all as system properties.



To use:


var secure = new secureData();


secure.setEncryptedFields(current.sys_id,'<field_name>','<data to encrypt>');



Hope that helps.


Hi David,



I am not running an ASYNC rule, so my field is getting encrypted in the script if the user running the script has only one encryption context, but the same is not working if the user has more than one encryption context.

Regards


Pratul Agarwal


Sorry, I misunderstood. I wouldn't have thought a transform map triggered by a SOAP message would actually allow you to use an encryption context to start with.


ty_roach
Tera Guru

Pratul,

I had this same exact problem. The wiki article is missing a very important line of code.



Assuming that you are trying to set the value of target.u_encrypted_notes, you would do the following:



var val = target.getElement('u_encrypted_notes');
val.setDisplayValue('some-value-here');
val.setContextID(encryptionID);


Please mark this answer correct if it works for you. Took me forever to figure this one out.



Ty