Property "glide_encryption.cle_replatforming_with_kmf" does not exist

Walmag Castro S · ‎03-25-2025

Hello, everyone.

I'm investigating about the Triple DES (3DES) Encryption Deprecation.

The documented way to identify if CLE is Legacy or Starter is described on the following KB: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1700704.

However, the property "glide_encryption.cle_replatforming_with_kmf" exists only on the PROD instance, and its value is "opt_in." It shows that it was created by one of our developers, not the system. The property does not exist in subproduction instances. I tried to create it in subproduction instances, but it wasn't allowed. Can I assume that if the property is not shown on the table "sys_property", it means that the property is "opt_in" by default?

Any help will be appreciated.

Community Alums · ‎03-25-2025

Hi @Walmag Castro S ,

If the property "glide_encryption.cle_replatforming_with_kmf" which says "opt_out" that means KMF is not active. Hence, if you will need to migrate to KMF, raise a new case to support to follow the process and follow the migration steps manually.

- When the legacy CLE is in use, it has nothing to do with MAP access. Even if we try to assign a role that is added in module access policy ( ex : sn_si.admin ), the relevant field will not be visible.This requires encryption context only.

- Whereas, using KMF ( latest one ) , the MAP access applies. Hence if we assign a role which has the module access policy, that role users can see the field.

Walmag Castro S · ‎03-25-2025

Hello, @Community Alums .

I don't know if the value in "glide_encryption.cle_replatforming_with_kmf" on DEV instance is "opt_out". I can see the property only on PROD instance, and its value is "opt_in" created by a developer.

Community Alums · ‎03-25-2025

Hi @Walmag Castro S ,

In that case as i suggested above, raise a new case to support Case/ HI case with ServiceNow.