Hi Jason,

If you haven't already, please also make sure that the "Active" checkbox is checked before saving your encryption configuration. By default, the "Active" checkbox is checked when creating a new encryption configuration. For attachments, you can use the standard encryption type (fully salted) AES128-bit or AES 256-bit encryption. As long as the encryption configuration is set to be active, new attachments will be automatically encrypted for records in the destination table. You can also schedule an attachment encryption job to encrypt unencrypted attachments for a specific table. If needed, you can also schedule an attachment decryption job to decrypt encrypted attachments for a specific table. The step-by-step instructions are available through the embedded links in this reply. The net result is that the entire file attachment gets encrypted.

One thing you would notice through a web browser user interface is that only when connecting through the Edge Encryption proxy can an encrypted attachment be viewed or downloaded. If you were to bypass the Edge Encryption proxy, you would only be able to see that the record has an attachment and not be able to view nor download the attachment.

Akin to the process for encrypting and decrypting of fields, attachments must also pass through the Edge Encryption proxy that resides in your network before they are sent to your ServiceNow instance.

Please kindly let me know if this helps clarify how attachments work with Edge Encryption.

Kind regards,

Mike