Using KMF to send encrypted data between instances

Chris M3
Tera Guru

Hello,

I'm wondering if anyone has successfully set this up. The documentation around Key Exchange is a little lax in the details. I wanted to set up a POC of using this to pass some data between two of our sub-production instances, but now I'm thinking that would only work if we cloned from one sub-prod to the other? Do I need to configure the module directly in production then?

I've read through it all, but specifically I think this article is trying to explain this.

https://docs.servicenow.com/bundle/utah-platform-security/page/administer/key-management-framework/t...

4 REPLIES

Tobi8
Tera Contributor

Hi, 

I also tried to create a symmetric key and use Key Exchange, no luck so far without doing a clone at least...

How should this work? Is there a way to exchange a key without cloning?

Tobi8
Tera Contributor

Just saw this in the documentation:

  • Before you can perform this Key Exchange procedure, you must clone an instance. See System clone for more information.

Hmm, that means in order to share a key with exchange, it must be created in prod and only works after cloning?

Hey, yeah, as far as I could tell, that was the way to do it.  And I even got it to work between cloning two sub-prods.  However, if I rotated the key in the source instance, the integration stopped working and I would need to clone again.  I'm not sure if there was something I was missing, but I have 'given up' for now until either someone comes up with the right steps or SN improves their interfaces and documentation around these features.

Tobi8
Tera Contributor

Hi, 

I have the same issue.
There seems to be no way to set up a symmetric key across instances without cloning first...
I haven't tried the automated key exchange that should work after cloning once, but like with the other parts, this is very vague in the documentation...