Forced encryption on attachments

Kim Sullivan
Tera Guru
 

Since upgrade to Utah, all our attachments are being encrypted.  In Tokyo and before there was a checkbox here to choose to encrypt.  That is now gone and none is not the default option.

ServiceNow support says this is OOB, but I can't believe this was intended. 

2023-07-20_8-49-50.png

#encryption

#crypto

#attachments

1 ACCEPTED SOLUTION

Kim Sullivan
Tera Guru

HI told me to post on community and this was an OOB setting.  I spent another 3 hours on it and figured this out -- 

update the optional_attachment_encrypt UI macro.

OOB config:

OOB.png

 

Updated: 

Updated.png

 

You also need to comment out these lines:

KimSullivan_0-1690491092953.png

 

View solution in original post

24 REPLIES 24

Additional property:  

 

glide.attachment.encrypt_by_default

 

Export the XML before you mess with it as it can not be reverted.  Check with SN first maybe?

Eugene Severi
Tera Contributor

We tried to update the glide.attachment.encrypt_by_default value to false all ways I could think of, they all failed.

 

In the end, support needed to set the property directly on the db on our behalf. Can confirm once changed it works!

 

Files which are attached to tasks i.e. Incidents using drag/drop will no longer be encrypted by default.

Kim Sullivan
Tera Guru

Update to this -- when you use the REST step in Flow actions and choose Save As Attachment, the files are defaulting to encrypted, despite all the default encryption being turned off per this article.  I don't see a way to change this and have a case open with Support on it.

I am facing the same issue only with HR module, all the attachments are getting encypted by default when property com.glide.encryption.enable_attachment_key_ui is false in the syatem.

Modifying macro doesn't help, started happening after washigton upgrade it seems .

checked the Column Level Encryption (CLE), which is active true for HR cases but also unable to deactivate these by our own.

BelenDB
Tera Contributor

Hi @Kim Sullivan , your solution worked perfectly for me 🙂

 

Thanks a lot!! I was struggling making the -None- as default option.