Is Instance_level_glide_encrypter a system property and where is it in the instance?

Rain Vaine
Kilo Sage

Hello experts,

For the processing of 3DES deprecation, they stated that there is a mandatory configurations to be in place. Based on the lists, there is a step - "Check if “Instance_level_glide_encrypter” KMF password2 sub-module MAPs is set to track. ". I tried looking for Instance_level_glide_encrypter in the system property but I cannot find it and I also tried looking for more information about that topic but I cannot seem to find it.
Does anyone of you know what is Instance_level_glide_encrypter and what does it do?

Regards,
Vaine

1 ACCEPTED SOLUTION

Maik Skoddow
Tera Patron
Tera Patron

Hi @Rain Vaine 

 

this is not a system property but a crypto module. Go to table sys_kmf_crypto_module and check whether the module "instance_level_glide_encrypter" is set to "Track":

 

MaikSkoddow_0-1702558095167.png

 

 Maik

View solution in original post

9 REPLIES 9

Hi @Rain Vaine 

with the introduction of KMF framework, you have to think about which user groups you have in your instance that are assigned some special roles. In my customer instances, I have two different user groups: "System Administrators" (has at least the "admin" role) and "Security Administrators" (has the "security_admin" and the "sn_kmf.admin" roles). Keeping these two groups separated is also a recommendation of ServiceNow. And to answer your question: It is not about assigning and removing a role but to have a clear user group and role concept and user which are assigned to the respective groups to be able fulfilling their tasks and responsibilities. 

Maik

Hello,


Thanks for giving expounded explanations. All your advice is noted. But in our case we would just like to check on ["instance_level_glide_encrypter" is set to "Track"]. Since we are not really using KMF in our instance, we don't have anyone assigned with "sn_kmf.admin". 
That is why I am not sure if there will be an impact if I tried to assign an "sn_kmf.admin" to my admin account just to check on crypto modules and then remove the role back.
I am not sure if assigning a role to a certain will trigger or activate anything in our instance.

Regards,
Vaine

Hi @Rain Vaine 

you said "Since we are not really using KMF in our instance", but that's not correct. The KMF is the new standard for encrypting, and every single instance is already using it. Therefore, you do have to make familiar with its concepts. And no, just assigning a role will not trigger or activate any evil feature in your instance. Never.

Maik

Hello,
Thanks very much. This is much appreciated.

Regards,
Vaine

Hello @Maik Skoddow , thanks so much for all this info! Super helpful! 🙂