Code Signing

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute read
  • Code Signing creates digital signatures for data, which are later checked to confirm the data's authenticity and integrity. Code Signing is a module licensed as a component of ServiceNow Vault.

    Code signing and Circle of Trust

    The Circle of Trust (COT) is a prerequisite for Code Signing that creates secure communication between your trusted and protected instances to ensure that only authorized users can access the Code Signing feature.

    Multiple security measures help to prevent malicious actors from disabling or misusing code signing if a protected instance is compromised. As part of the defense-in-depth strategy, the COT uses the following components:

    • Controls that restrict even the most powerful administrator accounts are established in the protected instance to help protect Code Signing processes and configuration.
    • Trusted instances are required to work together with protected instances to establish the Circle of Trust relationship. At least one trusted instance is required, but multiple trusted instances may be configured to collaborate with the protected instance.
      Figure 1. Circle of Trust overview
      Circle of trust diagram.

      The Circle of Trust uses jobs, scripts, and business rules, along with a key pair, to generate the signatures that sign update sets sent to the protected instance. When the job is called, the signature is verified along with the trusted certificate in order to execute protected instance updates.

      Figure 2. Trusted update sets process
      Diagram that shows the trusted update sets process.
      Figure 3. Code Signing flow
      Diagram that shows the different workflows for code signing.

    The Circle of Trust requires an initial trust relationship between trusted and protected instances. This relationship prevents any unauthorized user, at any authorization level, from accessing unapproved activities.
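
    The sign-then-verify gate described above, sketched as an added example in Node.js; it is not ServiceNow's implementation or code from this documentation. The Ed25519 key type, the `makeTrustedInstance` and `makeProtectedInstance` helpers, the use of an enrolled public key in place of the trusted certificate, and the sample update set are all assumptions made for illustration.

```javascript
// Added illustration, not ServiceNow code: a protected instance that applies
// an update set only when its signature verifies against an enrolled key.
const crypto = require('crypto');

// Hypothetical trusted instance: owns a key pair and signs update sets.
function makeTrustedInstance(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    name,
    publicKey,
    sign(updateSetXml) {
      const sig = crypto.sign(null, Buffer.from(updateSetXml, 'utf8'), privateKey);
      return { signer: name, payload: updateSetXml, signature: sig.toString('base64') };
    },
  };
}

// Hypothetical protected instance: trusts only the public keys enrolled when
// the trust relationship was established (stand-in for the trusted certificate).
function makeProtectedInstance(trustedInstances) {
  const trustedKeys = new Map(trustedInstances.map((t) => [t.name, t.publicKey]));
  const applied = [];
  return {
    applied,
    apply(signed) {
      const key = trustedKeys.get(signed.signer);
      if (!key) return { ok: false, reason: 'signer is not in the circle of trust' };
      const valid = crypto.verify(null, Buffer.from(signed.payload, 'utf8'), key,
        Buffer.from(signed.signature, 'base64'));
      if (!valid) return { ok: false, reason: 'signature does not match payload' };
      applied.push(signed.payload); // only verified update sets reach this point
      return { ok: true, reason: 'verified' };
    },
  };
}

// Constructed sample data: one enrolled signer, one signer outside the circle.
const trusted = makeTrustedInstance('trusted-1');
const outsider = makeTrustedInstance('outsider');
const protectedInstance = makeProtectedInstance([trusted]);
const updateSet = '<update_set name="constructed-sample"><value>1</value></update_set>';

const good = trusted.sign(updateSet);
const tampered = { ...good, payload: updateSet.replace('<value>1', '<value>2') };
const spoofed = { ...outsider.sign(updateSet), signer: 'trusted-1' };
console.log('good:', protectedInstance.apply(good).reason);
console.log('tampered:', protectedInstance.apply(tampered).reason);
console.log('spoofed signer:', protectedInstance.apply(spoofed).reason);
console.log('unenrolled signer:', protectedInstance.apply(outsider.sign(updateSet)).reason);
```

    Only the untampered update set from the enrolled signer is applied; a modified payload, a signature made with a different key, and a signer that was never enrolled are each rejected before any update runs.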
