Key Management release notes

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Key Management Release Notes

    The ServiceNow® Encryption Key Management application enhances data protection through encryption, controlled key access, and NIST 800-57-based key lifecycle management. The Australia release introduces significant updates and features aimed at improving the management of encryption keys and cryptographic operations.

    Show full answer Show less

    Key Features

    • SHA512 Support: GlideDigest now supports creation and verification of message digests using the SHA512 cryptographic hash function.
    • Offline Key Sharing: Admins can share module keys offline to facilitate cloning between on-premise instances using the Key Management Framework (KMF).
    • JWT Operations: Signing and verification of JSON web tokens (JWTs) are now integrated into the KMFCryptoOperation class.
    • Crypto Management Console: A centralized console to streamline and monitor the certificate management lifecycle, displaying certificate details in one location.
    • Cloning and Restoring Support: Enhanced support for cloning and restoring on-premise instances, including migration capabilities between commercial and on-premise instances.
    • CRL Validation: Support for Certificate Revocation List (CRL) validation, providing an alternative to Online Certificate Status Protocol (OCSP) checks.
    • Streamlined Module Creation: Updated workflow for the creation of cryptographic modules, making the process faster and easier.
    • SecurityUtils Enhancements: Improvements to the SecurityUtils API to mitigate cross-site scripting attacks, including input sanitization methods.

    Key Outcomes

    Customers upgrading to the Australia release can expect enhanced security and efficiency in managing encryption processes. Notably, the GlideEncrypter API will transition to using AES256-GCM encryption, aligning with NIST recommendations. The new features will facilitate improved key management and cryptographic operations while maintaining compliance with security standards.

    The ServiceNow® Encryption Key Management application protects your data by using encryption, tightly controlled key access, National Institute of Standards and Technology (NIST) 800-57-based key life-cycle management, and FIPS 140-2-L3 key protection. Encryption Key Management was enhanced and updated in the Australia release.

    Encryption Key Management highlights for the Australia release

    • GlideDigest has been updated to allow creation and verification of message digests using the SHA512 cryptographic hash function
    • Admins can share module keys between instances offline to facilitate instance clones between on-premise instances using KMF.
    • The signing and verification processes for JWTs are now integrated as operation types in the existing KMFCryptoOperation class.

    See Key Management Framework for more information.

    Important information for upgrading to Australia

    • In pre-Zurich releases, the GlideEncrypter API used the three-key Triple Data Encryption Standard (3DES) encryption standard, which NIST 800-131A Rev 2 has recommended against using after 2023. The following changes are taking place in the Australia release in preparation for a full deprecation of GlideEncrypter/3DES in the future:
      • New Australia instances can’t use GlideEncrypter. All base system scripts have been changed to use alternative encryption processes.
      • if you’re upgrading your Australia instances, you can still GlideEncrypter, which has been updated to use AES256-GCM encryption via the Key Management Framework.
      • Learn more about 3DES deprecation in KB1704481.

    New in the Australia release

    Added SHA512 support for message digests
    GlideDigest has been updated to allow creation and verification of message digests using the SHA512 cryptographic hash function.
    Offline key exchange to share module keys between instances
    Admins can share module keys between instances offline to facilitate instance clones between on-premise instances using KMF.
    Sign and verify JSON web tokens (JWT) through KMFCryptoOperation
    The signing and verification processes for JWTs are now integrated as operation types in the existing KMFCryptoOperation class.
    Centralized Crypto Management console
    Use the new Crypto Management Console to streamline and track the certificate management lifecycle. The new console scans your instance for certificates and displays their details in a central location,
    Clone and restore support for on-premise instances
    Support for cloning and restoring on-premise instances. Support has also been added from migrating a commercial instance to on-premise instances, and vice-versa.
    Certificate Revocation List (CRL) validation support
    ServiceNow now supports Certificate Revocation List (CRL) validation for certificate revocation checks as an alternative to Online Certificate Status Protocol (OCSP), with automatic fallback when OCSP is unavailable.

    Changed in this release

    Updated workflow for creating cryptographic modules
    Use the streamlined workflow designed for faster, easier creation of cryptographic modules.
    SecurityUtils Enhancements
    The SecurityUtils API has been enhanced to help prevent cross-site scripting attacks, including methods to sanitize and escape input.

    Activation information

    The Platform Encryption subscription bundle is a group commercial entitlement that includes Field Encryption Enterprise and Cloud Encryption.

    Field Encryption Enterprise is the unlimited license of Field Encryption. The Enterprise plugin is available with the activation of the com.glide.now.platform.encryption plugin. For details, see Encryption and Key Management subscription bundle.