‎04-28-2020 10:53 AM
We're in need of a document about the measures taken by Service-Now to protect and secure passwords (especially Discovery Credentials). We know the encryption key itself is encrypted with a key that is stored in the program, not in the database. We also know that the supported encryption formats are AES 128 Bit, AES 256 Bit, and Triple DES, but we need a document that specifies details like (besides the above):
Describe the key credential chain
How are the encryption keys (the full chain) protected?
How is it internally managed/protected to prevent any breach?
Are the keys stored on a Hardware Security Module or something similar?
What kind of encryption is used?
I already got this "Encryption support" document, but we're looking for a detailed document on how this all works with a focus on security.
https://docs.servicenow.com/bundle/jakarta-servicenow-platform/page/administer/encryption/concept/c_EncryptionSupport.html?title=Encryption_Support#Encrypting_Passwords_in_System_Properties
Thank you
- Labels: Discovery, Service Mapping
 
‎04-28-2020 12:19 PM
The information you are looking for is in KB0679355 (Credentials Encryption/MID Server and Credentials Encryption/Decryption). The KB article explains the detailed workflow on how the credentials used for Discovery and Orchestration are encrypted/decrypted in the ServiceNow platform and the MID Server. You will have to open a HI ticket to get access to this KB.
‎04-28-2020 11:18 AM - last edited on ‎08-27-2025 03:12 PM by itd-dave3
Hi jcanjura
The passwords used for local authentication are stored in the ServiceNow instance database as element type "password" and are hashed with the "SHA-2" algorithm, which is then "salted" to strengthen the protection.
Please refer to the docs below.
1) Key Credential Chain:
2) How the encryption keys (the full chain) is protected?
When using Database Encryption, all data is encrypted, including attachments, logs, and backups. Keys are managed by ServiceNow using a three-level key hierarchy: 1st level: An AES-256 key is used to encrypt the data. 2nd level: An AES-256 key is used to protect the AES-256 key
3) How is internally managed/protected to prevent any breach?
Please find the attachment for this: subscription server guide.
4) Are the keys stored on a Hardware Security Module or something similar?
5) What kind of encryption is used?
Please refer to this link also
Please Mark Correct and Helpful
Thanks and Regards
Gaurav Shirsat
