Consolidated page of all release notes for Encryption Key Management from Washington DC to Xanadu.
How to use this page
To help you prepare for your upgrade, we have combined the cross-family Encryption Key Management release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Washington DC to Xanadu.
Tip: If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."
Important information for upgrading Encryption Key Management to Xanadu
Before you upgrade to Xanadu, review these pre- and post-upgrade tasks and complete the tasks as needed.
| Release | Release notes |
| --- | --- |
| Washington DC | If you upgrade your instance to Washington DC but don’t upgrade your MID Server, Secrets Management authentication fails. Avoid authentication failures by upgrading your MID Server to Washington DC. If you can’t upgrade, you must turn off authentication until MID Server is upgraded to Washington DC to avoid authentication failures. For details on MID Server upgrades, see MID Server upgrades. |
| Xanadu | No updates for this release. |
New features
Between your current release family and Xanadu, new features were introduced for Encryption Key Management.
| Release | Release notes |
| --- | --- |
| Washington DC | PostgreSQL database support: Support the PostgreSQL databases for primary, secondary, read replica, gateway (shard), and Logical Corruption Protection (LCP) databases for cloud encryption. LCP databases are a variant of the read replica database. |
| | Trusted timestamps within the Code Signing framework: View when a signature is issued by using timestamped Key Management Framework (KMF) Signature [sn_kmf_record_signature] records. |
| | Reusable key for agent-to-agent credential sharing: Configure client-side asymmetric key pairs for API authentication. With the reusable key feature, every conceptual cryptographic module has only one active conceptual key at any point, generated on the client side and wrapped with its respective public key. |
| | Simplified process for 3DES deprecation: Remove GlideEncrypter by using the guidance from the improved user interface for 3DES deprecation. Within the critical update app in Security Center, you can find information about the full and partial deprecation of 3DES, and view all impacted legacy password2 fields before deprecating 3DES. |
| | Property-driven multi-layer caller inspection for Code Signing: Increase the number of caller layers to be validated during the ECC queue notarization to improve security. Starting in Washington DC, the number of validated caller layers is driven by a system property. |
| | Switch between ServiceNow Root of Trust (ROT) and your own ROT. |
| Xanadu | |
Changes
Between your current release family and Xanadu, some changes were made to existing Encryption Key Management features.
| Release | Release notes |
| --- | --- |
| Washington DC | Web Service Consumer plugin tables reject access by default: To improve security, default access to tables in the Web Service Consumer (com.glide.web_service_consumer) plugin is set to Reject. The following tables are affected: sys_rest_message, sys_rest_message_fn, sys_auth_profile_basic, sys_auth_profile_oauth2, sys_soap_message, sys_soap_message_function, ws_security_x509_profile_outbound, ws_security_username_profile_outbound. Default access to tables in the External App Authentication (com.glide.external.app) plugin is also set to Reject. The following tables are affected: token_verification, hash_message_verification. |
| Xanadu | Changes to Code Signing requirements: As a part of improving security around Root of Trust, signing of script and attachment records can only be done on your trusted non-production instance or using the standalone signing tool. The exception is notarization, which can still be performed in the protected production instance. |
| | Enhancement requests for the Code Signing Standalone signing tool: Updates to Code Signing enable your administrators to work with keystores, signature records, and records to be signed outside of the local system. |
| | Improved activation process for Code Signing: Activate Code Signing with a new UI page that is designed to streamline the activation process. |
| | Download All Button for Multiple Attachments is available when Edge Encryption is enabled: By using the download all functionality, you can now download multiple documents into a zip file when you also enable Edge Encryption. |
| | Edge Encryption jRobin dashboards have been migrated to NEXT Experience: View troubleshooting and performance on dashboards that were migrated from the deprecated jRobin framework. These dashboards display the same information that was available in previous versions. |
| | Column Level Encryption Enterprise is installable by administrators after purchase: After purchasing Column Level Encryption Enterprise, your administrator can typically activate the product without needing technical assistance. |
| | Support for full string UTF-8 in Column Level Encryption: CLE supports encryption and decryption of the full range of UTF-8 characters, including emoji. |
| | Improved readability for Column Level Encryption logging: With the improved system, node, application, and audit logging, your administrators can analyze and troubleshoot their CLE or CLEE implementation. |
Removed
Between your current release family and Xanadu, some Encryption Key Management features or functionality were removed.
| Release | Release notes |
| --- | --- |
| Washington DC | No updates for this release. |
| Xanadu | No updates for this release. |
Deprecations
Between your current release family and Xanadu, some Encryption Key Management features or functionality were deprecated.
| Release | Release notes |
| --- | --- |
| Washington DC | Starting with the Washington DC release, Database Encryption is being prepared for future deprecation. Cloud Encryption is the replacement solution for data at rest encryption. For details, see Encryption and Key Management. |
| Xanadu | No updates for this release. |
Activation information
Review information on how to activate Encryption Key Management.
| Release | Release notes |
| --- | --- |
| Washington DC | The Platform Encryption subscription bundle is a group commercial entitlement that includes Column Level Encryption Enterprise, Cloud Encryption, and Database Encryption. Column Level Encryption Enterprise is the unlimited license of Column Level Encryption. The Enterprise plugin is available with the activation of the com.glide.now.platform.encryption plugin. For details, see Encryption and Key Management subscription bundle. |
| Xanadu | The Platform Encryption subscription bundle is a group commercial entitlement that includes Column Level Encryption Enterprise, Cloud Encryption, and Database Encryption. Column Level Encryption Enterprise is the unlimited license of Column Level Encryption. The Enterprise plugin is available with the activation of the com.glide.now.platform.encryption plugin. For details, see Encryption and Key Management subscription bundle. |
Additional requirements
If any additional requirements were introduced or changed for Encryption Key Management, we have noted them here.
| Release | Release notes |
| --- | --- |
| Washington DC | No updates for this release. |
| Xanadu | No updates for this release. |
Browser requirements
If any specific browser requirements were introduced or changed for Encryption Key Management, we have noted them here.
| Release | Release notes |
| --- | --- |
| Washington DC | No updates for this release. |
| Xanadu | No updates for this release. |
Accessibility information
Review details on accessibility information for Encryption Key Management, such as specific requirements or compliance levels.
| Release | Release notes |
| --- | --- |
| Washington DC | No updates for this release. |
| Xanadu | No updates for this release. |
Localization information
If there are specific localization considerations for Encryption Key Management, we have noted them here.
| Release | Release notes |
| --- | --- |
| Washington DC | No updates for this release. |
| Xanadu | No updates for this release. |
Highlight information
If there are specific highlight considerations for Encryption Key Management, we have noted them here.
| Release | Release notes |
| --- | --- |
| Washington DC | Support the PostgreSQL databases for primary, secondary, read replica, gateway (shard), and Logical Corruption Protection (LCP) databases for cloud encryption. LCP databases are a variant of the read replica database. |
| | View when a signature is issued by using timestamped Key Management Framework (KMF) Signature [sn_kmf_record_signature] records. |
| | Remove GlideEncrypter by using the guidance from the improved user interface for 3DES deprecation. Within the critical update app in Security Center, you can find information about the full and partial deprecation of 3DES, and view all impacted legacy password2 fields before deprecating 3DES. |
| | See Encryption and Key Management for more information. |
| Xanadu | Start using Code Signing's improved activation process. You can use the new Code Signing UI page for a faster, streamlined activation. |
| | Administer Column Level Encryption with new Column Level Encryption APIs, roles, and administration features. Column Level Encryption logging has been enhanced for improved readability. |
| | Download all encrypted attachments as a zip file by using the new Download All button. |
| | See Key Management Framework for more information. |