Alternatives to Deprecated GlideCryptoService APIs

*** Content of this article is applicable from Vancouver Patch 1 release or higher. No Action Required on Release Versions less than Vancouver Patch 1 ***

Note: All out of box (ServiceNow code) usages of GlideCryptoService API will be addressed by ServiceNow in Washington release.

GlideCryptoService/CryptoService APIs are deprecated with a goal to improve security of the platform and your instance. As part of the phased deprecation of the APIs, their usages are to be removed from platform and application code bases and replaced with platform alternatives that are more secure and use performant algorithms.

Here's what you can expect

ServiceNow offers alternative cryptographic solutions to the GlideCryptoService API:

- Key Management Framework

Please be aware that:

- New instance installations and re-installations (zboots) will not be permitted to use the GlideCryptoService API beginning with the Now Platform® Washington D.C. release, planned for March 2024.
- Existing instances will not be permitted to use the GlideCryptoService API beginning with the Now Platform® Yokohama release, planned for March 2025.

Understand the impact to your instance

To identify where GlideCryptoService is used on your instance, run the scan check tool. Find this tool on your instance by navigating to Scan > Suites > Deprecated APIs > Deprecated API: GlideCryptoService. Find more information on Instance Scan here. The scan results show each usage, with the source and a proposed resolution using alternative encryption methods listed below.
Platform alternative

Platform encryption APIs and products to consider for the alternative are:

- Key Management Framework (KMF)

API/Use case: Custom usage to encrypt/decrypt data

Example usage:

Get cryptoservice:

    var cs = GlideCryptoService.getInstance();

Encrypt using encryptWithAnyKeyProvider:

    var encryptedData = cs.encryptWithAnyKeyProvider(clear_text);

Encrypt using encryptWithPrefferedKeyProvider:

    var encryptedData = cs.encryptWithPrefferedKeyProvider(clear_text);

Encrypt using encryptWithAnyCKP:

    var encryptedData = cs.encryptWithAnyCKP(clear_text);

Encrypt using a default key provider:

    var encryptedData = cs.encrypt(value, 'dflt-gpdes');

Decrypt data:

    var decryptedData = cs.decrypt(encryptedData);

Alternatives:

Use KMFCryptoOperation API for encryption/decryption needs.

Encrypt Data:

    var op = new sn_kmf_ns.KMFCryptoOperation("<module_name>", "SYMMETRIC_ENCRYPTION")
        .withInputFormat("KMFNone");
    var encryptedText = op.doOperation(clear_text);

Decrypt Data:

    var op = new sn_kmf_ns.KMFCryptoOperation("<module_name>", "SYMMETRIC_DECRYPTION")
        .withOutputFormat("KMFNone");
    var clear_text = op.doOperation(encryptedText);

Note: These operations require a KMF module that supports SYMMETRIC_ENCRYPTION and SYMMETRIC_DECRYPTION and also tracks/allows the decryptions. If you do not have a module that matches these criteria, you can create a new KMF module and use that in the code as an input parameter for module name. If you also have a use case to transfer this data to a different instance and expect it to be decrypted there, then you also need to maintain the module and keys in both the source and target instances.
You can do this by using KMF key exchange.

Release Version: Vancouver Patch 1

API/Use case: Custom usage to decrypt SysProperty password value

Example usage:

    var propertyValue = gs.getProperty(propertyName);
    var cs = GlideCryptoService.getInstance();
    var value = cs.decrypt(propertyValue);

Alternatives:

The Glide properties API already decrypts the value when properties are loaded, so explicit calls to CryptoService are redundant and should be avoided.

    var propertyValue = gs.getProperty(propertyName);

Release Version: Vancouver

API/Use case: Custom usage to encrypt/decrypt parameters or payload transferred to other instances

Example usage:

Transferring encrypted data between instances via XML export/import, update sets and webservice calls.

Alternatives:

Use KMFCryptoOperation to perform symmetric data encryption/decryption on the values, with the key resource exchanged to target instances (KMF key exchange).

Release Version: Tokyo

API/Use case: Custom usage to encrypt/decrypt data using customer supplied key

Example usage:

Get crypto service:

    var cs = GlideCryptoService.getInstance();

Register custom key:

    var kp = new Packages.com.glide.security.CryptoKeyProviderGP("cust-key", "AES/CBC/PKCS5Padding", keyBytes);
    cs.register(kp);

Encrypt using custom key:

    var encryptedValue = cs.encrypt(value, "cust-key");

Alternatives:

Hardcoded custom key usage is problematic as it lacks secure key management. Use KMF for your key management and encryption needs.

- Let KMF manage keys for the whole lifecycle
- Use a securely managed customer supplied key (configure and upload your customer supplied key)

Release Version: Vancouver Patch 1

Deprecation steps

1. Run scan check Scan > Suites > Deprecated APIs > Deprecated API: GlideCryptoService to identify the records with GlideCryptoService usages.
2. Remediate the GlideCryptoService usages with code changes for the chosen alternative. Be sure to update the related tests as needed.
3. Test to make sure there is no regression from the changes.
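
For working through the remediation step on script text exported from an instance, the following is an added example (not ServiceNow's Instance Scan check and not code from this article) that sorts each script into the use cases this article describes. The category names, the sample scripts and the `my_module` module name are constructed for illustration.

```javascript
// Added example: offline triage of exported script text for GlideCryptoService usage.
// Category names and sample scripts are constructed; this is not the Instance Scan check.
const ADVICE = {
  "custom-key": "Move the key into KMF (KMF-managed or uploaded customer supplied key)",
  "property-decrypt": "Remove the call; gs.getProperty already returns the decrypted value",
  "encrypt": "Use KMFCryptoOperation with SYMMETRIC_ENCRYPTION on a KMF module",
  "decrypt": "Use KMFCryptoOperation with SYMMETRIC_DECRYPTION on a KMF module",
};

// Drop comments so commented-out legacy code is not reported (heuristic, not a JS parser).
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, "").replace(/(^|\s)\/\/.*$/gm, "$1");
}

// Return the sorted list of remediation categories that apply to one script.
function triage(script) {
  const code = stripComments(script);
  if (!/\b(?:Glide)?CryptoService\b/.test(code)) return [];
  const found = new Set();
  if (/CryptoKeyProviderGP\s*\(/.test(code)) found.add("custom-key");
  if (/\.encrypt\w*\s*\(/.test(code)) found.add("encrypt");
  // Variables assigned from gs.getProperty(...) hold values the platform already decrypted.
  const propVars = new Set(
    [...code.matchAll(/(\w+)\s*=\s*gs\.getProperty\s*\(/g)].map((m) => m[1]));
  for (const m of code.matchAll(/\.decrypt\s*\(\s*([\w.]*)/g)) {
    const fromProperty = propVars.has(m[1]) || m[1] === "gs.getProperty";
    found.add(fromProperty ? "property-decrypt" : "decrypt");
  }
  return [...found].sort();
}

// Constructed samples modelled on the usages shown in this article.
const SAMPLES = {
  generic: `var cs = GlideCryptoService.getInstance();
var enc = cs.encryptWithAnyKeyProvider(clear_text); var dec = cs.decrypt(enc);`,
  property: `var propertyValue = gs.getProperty(propertyName);
var cs = GlideCryptoService.getInstance(); var value = cs.decrypt(propertyValue);`,
  customKey: `var cs = GlideCryptoService.getInstance();
var kp = new Packages.com.glide.security.CryptoKeyProviderGP("cust-key", "AES/CBC/PKCS5Padding", keyBytes);
cs.register(kp); var v = cs.encrypt(value, "cust-key");`,
  migrated: `// var cs = GlideCryptoService.getInstance();
var op = new sn_kmf_ns.KMFCryptoOperation("my_module", "SYMMETRIC_ENCRYPTION").withInputFormat("KMFNone");`,
};

// Pair every sample with its findings and the matching advice text.
function report(samples) {
  return Object.entries(samples).map(([name, src]) =>
    ({ name, findings: triage(src).map((id) => `${id}: ${ADVICE[id]}`) }));
}
console.log(JSON.stringify(report(SAMPLES), null, 2));
```

A script can fall into more than one category, and the regular expressions only narrow down what to review; the Instance Scan results remain the authoritative list of usages.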