Key Management Framework

Xanadu Platform security

Release

xanadu

ft:locale

en-US

ft:publication_title

Xanadu Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Key Management Framework

Release version: Xanadu

Updated July 31, 2025

1 minute to read

Use the Key Management Framework (KMF) to generate, exchange, store, use, and replace the cryptographic keys used to encrypt and decrypt sensitive data on your ServiceNow instance.

Key Management refers to the activities involved in handling your cryptographic keys and related security parameters during the key's life cycle. Key Management Framework is based on National Institute of Standards and Technology (NIST) 800-57 guidelines. In accordance with these guidelines, you can use KMF to:

Assign dedicated roles for cryptographic management and operations, auditing, and integration.
Create cryptographic modules to configure of cryptographic specifications for unique cryptographic purposes and key types.
- Symmetric key: encryption and decryption, key wrapping and unwrapping, and authentication
- Asymmetric key: digital signature generation and verification, encryption and decryption, key wrapping and unwrapping
Manage your key life cycle to generate, rotate, revoke, and suspend keys, including support of several key life cycle states
Create module access policies (MAPs) to enforce access controls, to grant access only to users and scripts that you choose.
Protect your cryptographic keys with the Federal Information Processing Standard (FIPS) 140-2-L3 hardware Root of Trust (RoT), Public Key Infrastructure (PKI), key hierarchy, and envelope encryption.
Assign the auditing role to users to can then view auditing information such as key usage statistics.

Get started

Exploring the Key Management Framework

Learn about the components of the Key Management Framework, and how to use them to manage how cryptographic operations are performed on your instance.

Configuring the Key Management Framework

Create and maintain Key Management components to customize and manage how cryptographic operations are performed on your ServiceNow instance.

Key Management Framework Reference

Review additional Key Management reference materials

Key Management Framework actions

One of the core features of KMF is to provide the capability  to manage  keys, such as revoking or rotating keys.  KMF properly secures sensitive data with the most up-to-date encryption materials and life cycle operations.

Activation information

The ServiceNow Platform Encryption subscription bundle is a group commercial entitlement that includes Key Management Framework, Field Encryption Enterprise, Cloud Encryption, and Database Encryption.

Field Encryption Enterprise is the unlimited license of Field Encryption. The Field Encryption Enterprise plugin is available with the activation of the com.glide.now.platform.encryption plugin. For details, see Encryption and Key Management subscription bundle.

Note:

KMF doesn’t support domain separation, but can be used with on-premise instances.