GlideEncrypter API Deprecation and Issues with Scoped Application
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2024 05:45 AM
Hi all,
As many of you may know, ServiceNow has announced that the GlideEncrypter API, which uses the Triple DES algorithm to encrypt and decrypt strings, will be deprecated in the Zurich release (Q4-2025). They've recommended transitioning to “GlideElement - getDecryptedValue() to decrypt password2 value” method as an alternative.
I've tried implementing the suggested solution, but I’ve encountered some issues, and one final problem remains to be solved to achieve the expected result. Below are both the old approach and the new one I’ve attempted, along with the error message I’m receiving.It’s important to note that everything works perfectly in the global scope after updating the relevant *Module Access Policy* to "track" in the "Result" field. However, the same approach isn’t functioning as expected in the new scoped application we are currently developing and planning to release.
* A key point to note is that *global Script Includes* cannot be part of the scoped application we plan to publish to the store. It won’t be approved if we include them. Therefore, we can’t create a global Script Include and call it from our scoped app to retrieve data.
* I’ve also attempted to create *Cross-Scope Privileges*, but it didn’t work as expected. It’s possible I’m not configuring it correctly. Does anyone have insights on the proper way to set this up and what specifics I need to define?
Has anyone faced similar issues or know how to overcome this? Any guidance or solutions would be greatly appreciated!
Old approach: Works Fine
var grApiKeyCredentials = new GlideRecord('api_key_credentials');
//you can try any sys_id of any record on api_key_credentials table
var APIKeySysID = 'e670feb093009610875fb9fa6aba1061';
var decryptedAPIKey;
if (grApiKeyCredentials.get(APIKeySysID)) {
decryptedAPIKey= new global.ScopedEncrypter().decrypt(grApiKeyCredentials.getValue('api_key'));
}
gs.info("decryptedAPIKey - " + decryptedAPIKey);
Output: decryptedAPIKey - **the Expected decrypted API Key value**
New approach:
var grApiKeyCredentials = new GlideRecord('api_key_credentials');
//you can try any sys_id of any record on api_key_credentials table
var APIKeySysID = 'e670feb093009610875fb9fa6aba1061';
var decryptedAPIKey;
if (grApiKeyCredentials.get(APIKeySysID)) {
decryptedAPIKey= grApiKeyCredentials.api_key.getDecryptedValue();
}
gs.info("decryptedAPIKey - "+decryptedAPIKey);
Output : Security restricted: Access to api 'getDecryptedValue(api_key)' from scope 'x_grise_grip_secur' has been refused due to the api's cross-scope access policy.
Thanks in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2024 06:25 AM - edited 09-10-2024 02:24 AM
@Forum request you to help here.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2024 12:10 AM
Why? It is not your question, or are you posting under different names? And don't be so annoying as to tag people in your questions. It won't get it resolved any faster.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2024 02:08 AM
Hi Mark,
I had the same question too. Instead of posting a new question, I tried catching the notice of you Experts, by tagging. I didn't know that its annoying for you !!.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2024 08:19 PM
Hi @Hosen Ag ,
Under Key Management module you can see "Module access policies" go over there and spot your record and mark it as track.
Thanks,
Vamsi
