GlideEncrypter Deprecation

NarasimhaRC · an hour ago

Hi Team

We are currently remediating deprecated GlideEncrypter usage across our ServiceNow instance and would like guidance on the recommended replacement approach for different implementation types.

We have GlideEncrypter usage in:

- Flow Designer actions

- Business Rules

- Classic Workflows(activity)

- Script Includes

We reviewed KB1320986, KB1704481, and KB1700626, but we would like confirmation on the correct implementation pattern for each scenario.

Our current understanding is:

- Password (2 Way Encrypted) fields

→ use getDecryptedValue()

- Flow Designer script layer

→ use FlowKMFEncrypter or avoid manual decryption when REST/SOAP steps handle it automatically

- Workflow/custom encrypted values

→ use KMFCryptoOperation (KMF) only if encryption is actually required

- Plaintext workflow outputs from MID Server scripts

→ consume data.get(x).output directly without decryption

- MID/REST transport

→ continue using AutomationAPI.encrypt()

One specific case:

Our MID Server PowerShell script returns plaintext output in this format:

RETURNDATA: APPID USER PASS

Previously, workflows used:

new GlideEncrypter().decrypt(data.get(x).output)

Since the MID script does not perform encryption, we want to confirm whether:

- GlideEncrypter should simply be removed and workflow output consumed directly, OR

- KMF encryption/decryption should still be implemented on the ServiceNow workflow side if we want workflow values encrypted internally.

Looking for best-practice guidance from anyone who has already completed GlideEncrypter remediation across Flows, Business Rules, Script Includes, and Workflows.