Hi All,

We are implementing attachment encryption. For attachments uploaded from the UI, things are working fine.

However, for attachments received from unattended processes (emails, workflows), I wrote a scheduled job per https://docs.servicenow.com/bundle/helsinki-servicenow-platform/page/script/server-scripting/referen...

It does not fail, but the attachments are not encrypted. I have copied the script which only has minor changes from the one in the documentation.

Thoughts on why this may not be working?

bulkEncryption();

function bulkEncryption() {

gs.info("[bulkEncryption] BULK ENCRYPTION RUN BY " + gs.getUserName());

encryptAttachments("myapp_document", "MyApp-Attachment-Context");

gs.info("[bulkEncryption] BULK ENCRYPTION COMPLETED");

}

// Note that whomever runs this script must have access to use the specified encryption context or nothing will happen when

// "changeEncryptionContext" is called except that a warning will appear in the log: WARNING *** WARNING *** Attempt to get

// cipher for encryption context 'contextName' without authorization

function encryptAttachments(table, encryptionContextName) {

var contextGR = new GlideRecord("sys_encryption_context");

if (!contextGR.get("name", encryptionContextName)) {

gs.info("[encryptAttachments] No such encryption context " + encryptionContextName);

return 0;

}

var encryptionId = contextGR.getUniqueValue();

gs.info("[encryptAttachments] BEGIN ENCRYPTING ATTACHMENTS FOR " + table + " TABLE");

var attachmentGR = new GlideRecord("sys_attachment");

attachmentGR.addQuery("table_name", table); // only attachments for the specified table

attachmentGR.addNullQuery("encryption_context"); // only attachments not yet encrypted

attachmentGR.orderByDesc("sys_created_on");

attachmentGR.setLimit(100);

attachmentGR.query();

var count = 0;

while (attachmentGR.next()) {

var sysAttachment = new GlideSysAttachment();

sysAttachment.changeEncryptionContext(attachmentGR.getValue("table_name"), attachmentGR.getValue("table_sys_id"), attachmentGR.getUniqueValue(), encryptionId);

gs.info("[encryptAttachments] ENCRYPTED [" + attachmentGR.sys_id + "] " + attachmentGR.getValue("file_name"));

count++;

}

gs.info("[encryptAttachments] ENCRYPTED " + count + " ATTACHMENTS FOR " + table + " TABLE");

return count;

}