GlideEncrypter API Deprecation and Issues with Scoped Application

Hosen Ag
Tera Contributor

‎08-15-2024 05:45 AM

Hi all,

 

As many of you may know, ServiceNow has announced that the GlideEncrypter API, which uses the Triple DES algorithm to encrypt and decrypt strings, will be deprecated in the Zurich release (Q4-2025). They've recommended transitioning to “GlideElement - getDecryptedValue() to decrypt password2 value” method as an alternative.

 

I've tried implementing the suggested solution, but I’ve encountered some issues, and one final problem remains to be solved to achieve the expected result. Below are both the old approach and the new one I’ve attempted, along with the error message I’m receiving.It’s important to note that everything works perfectly in the global scope after updating the relevant *Module Access Policy* to "track" in the "Result" field. However, the same approach isn’t functioning as expected in the new scoped application we are currently developing and planning to release.

 

* A key point to note is that *global Script Includes* cannot be part of the scoped application we plan to publish to the store. It won’t be approved if we include them. Therefore, we can’t create a global Script Include and call it from our scoped app to retrieve data.

* I’ve also attempted to create *Cross-Scope Privileges*, but it didn’t work as expected. It’s possible I’m not configuring it correctly. Does anyone have insights on the proper way to set this up and what specifics I need to define?

 

Has anyone faced similar issues or know how to overcome this? Any guidance or solutions would be greatly appreciated!

 

Old approach: Works Fine

 

var grApiKeyCredentials = new GlideRecord('api_key_credentials');
//you can try any sys_id of any record on api_key_credentials table
var APIKeySysID = 'e670feb093009610875fb9fa6aba1061';
var decryptedAPIKey;

if (grApiKeyCredentials.get(APIKeySysID)) {
    decryptedAPIKey= new global.ScopedEncrypter().decrypt(grApiKeyCredentials.getValue('api_key'));
}

gs.info("decryptedAPIKey - " + decryptedAPIKey);

 

Output: decryptedAPIKey - **the Expected decrypted API Key value**

 

New approach:

 

var grApiKeyCredentials = new GlideRecord('api_key_credentials');
//you can try any sys_id of any record on api_key_credentials table
var APIKeySysID = 'e670feb093009610875fb9fa6aba1061';
var decryptedAPIKey;

if (grApiKeyCredentials.get(APIKeySysID)) {
    decryptedAPIKey= grApiKeyCredentials.api_key.getDecryptedValue();
}

gs.info("decryptedAPIKey - "+decryptedAPIKey);

 

 

Output : Security restricted: Access to api 'getDecryptedValue(api_key)' from scope 'x_grise_grip_secur' has been refused due to the api's cross-scope access policy.

 

Thanks in advance.

  • 3,353 Views
6 REPLIES 6

NStefanisko
Tera Expert
In response to Vamsi_Krishna07

‎12-11-2025 05:12 PM

I don't seem to have Key Management or Module Access Policies. Is it in something I have to install?

0 Helpfuls

Astrid Sapphire
Tera Expert
In response to NStefanisko

‎12-11-2025 06:15 PM

It will be installed by default, but you'll need to grant yourself permission to access it. To do so:

  1. As an admin, use the All menu to find 'System Security -> Key Management Administration' and open this module
  2. Using the slushbucket, grant appropriate administrators this permission
  3. Log out and log back in

Now, you'll be able to see the Key Management application and its child modules.

0 Helpfuls