Key management transactions

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Key management transactions

    The Key Management Transactions submodule in ServiceNow tracks all key-related operations within your instance by displaying detailed transaction records. Each key transaction consists of multiple request steps sharing a unique Request ID. The initial request step (sequence 0) indicates the overall transaction status, while subsequent steps detail the progress and outcome of each part of the operation.

    Show full answer Show less

    Key Features

    • Request ID: A unique identifier shared across all steps of a key transaction.
    • Request Action and Status: Shows the type of key operation and its current state—Processing, Completed, or Failed. Failed requests require contacting Customer Service with the request number.
    • Key Alias and Key Life-cycle State: Identifiers and states that align with the ServiceNow Key Management Framework.
    • Key Version: Incremented when a key rotates to track changes.
    • Request Sequence and Step: Order and type of each processing step involved in the transaction, which vary depending on the key operation.

    Request Steps Explained

    The system processes key operations through specific request steps, such as:

    • requestpreparation: Initiates the request and prepares key wrapping and rotation.
    • requestintegritycheck: Validates request legitimacy and security.
    • requestvalidation: Ensures only one rotate request is active at a time.
    • attachmentprocess: Extracts wrapped key material (for Customer Managed keys).
    • hsm<key type>upload: Uploads wrapped key material to the HSM (KeySecure).
    • keymetadatarotate: Generates new key metadata.
    • postrotaterequest and postrotateresponse: Coordinates and confirms the key rotation process.

    Each step has a status of Completed or Failed; failure in any step beyond the initial results in an overall transaction failure. Customers should provide the specific request step to Customer Service for troubleshooting.

    Practical Benefits for ServiceNow Customers

    • Visibility into every stage of key management operations ensures transparency and easier troubleshooting.
    • Clear status indicators help identify successful rotations or pinpoint failures promptly.
    • Detailed step-level tracking facilitates communication with Support by providing precise failure points.
    • Supports both ServiceNow-managed and Customer-managed keys with specific handling steps.

    The Key Management Transactions submodule displays all transactions that have occurred for the keys in your ServiceNow instance.

    • A key transaction is defined by the following:
      • composed of several request steps.
      • A single Request ID is shared across all request steps.
      • The initial step, request sequence 0, of a transaction provides the current state of the overall transaction.

        As seen in the image below, the initial step 0 has an overall Request Status of Completed.

    • The following can be identified for the transaction by the individual request step:
      • The order of each step in a transaction can be identified by the sequence number for the step.
      • The status of each transaction is visible through the status of the request step.
      • If any steps beyond the initial step fail, the overall transaction has a status of Failed. If all steps are completed, the transaction status is also completed.

    The following screen is a sample of the type of information that displays with a ServiceNow key rotation.

    Displays the key management transactions upon rotation.

    The following table displays the field information available on the Key Managements Transactions page.

    Table 1. Key Management Transactions
    Field Description
    Request ID Unique system-generated Id for the action being performed One request ID is shared across all request steps.
    Request action Displays the action for the key operation being performed.
    Request status
    • Processing: A request has been entered but hasn’t yet been completed.
    • Completed: The request has been completed successfully.
    • Failed: An issue occurred and the process hasn’t been completed.
      Note:
      Contact Customer Service and Support and provide the request number where the failure occurred.
    Key alias Alphanumeric entry.
    Key life-cycle state See Key Management Framework key life-cycle states for definitions.
    Origin
    • ServiceNow key
    • Customer-managed key
    Key version When a key rotates, the version number increments.
    Request sequence Displays the order in which a request is being processed in the system.
    Request step Displays whether a step is being processed in the system during key rotation. The quantity and content of the steps vary based on the type of key operation performed.
    1. request_preparation: Creates a request to trigger and the wrapping and rotation.
    2. request_integrity_check: Validates that the request is legitimate and secure.
    3. request_validation: Validates that there’s a request in progress, only one rotate request can be processed at a time.
    4. attachment_process: Extracts the wrapped key material from the attachment. (Additional step when rotating a Customer Managed key.)
    5. hsm_<key type>_upload: Uploads the wrapped key material to the HSM, KeySecure.
    6. key_metadata_rotate: Generates the new key metadata.
    7. post_rotate_request: Sends a request to perform the key rotation.
    8. post_rotate_response: Response to perform the key rotation based on the request from the customer instance.
    Note:
    Provide the request step to Customer Service and Support to analyze the status progression in case a request step doesn’t complete.
    Request step status
    • Completed: Rotation is successful.
    • Failed: Rotation isn’t successful.
      Note:
      Provide the request step to Customer Service and Support to analyze the status progression in case a request step doesn’t complete.