<h2>Key Management Framework</h2><br/><div style="overflow-x:auto"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta content="text/html; charset=UTF-8" /><meta name="copyright" content="(C) Copyright 2026" /><meta name="DC.rights.owner" content="(C) Copyright 2026" /><meta name="generator" content="DITA-OT" /><meta name="DC.type" content="concept" /><meta name="DC.title" content="Key Management Framework" /><meta name="abstract" content="Use the Key Management Framework (KMF) to generate, exchange, store, use, and replace the cryptographic keys used to encrypt and decrypt sensitive data on your ServiceNow instance." /><meta name="description" content="Use the Key Management Framework (KMF) to generate, exchange, store, use, and replace the cryptographic keys used to encrypt and decrypt sensitive data on your ServiceNow instance." /><meta name="DC.relation" scheme="URI" content="../../../administer/security/concept/encryption-landing.html" /><meta name="DC.relation" scheme="URI" content="../../../administer/encryption/concept/explore-kmf.html" /><meta name="DC.relation" scheme="URI" content="../../../administer/encryption/concept/configure-kmf.html" /><meta name="DC.relation" scheme="URI" content="../../../administer/key-management-framework/concept/understanding-kmf.html" /><meta name="DC.relation" scheme="URI" content="../../../administer/key-management-framework/reference/key-management-actions.html" /><meta name="DC.relation" scheme="URI" content="../../../administer/key-management-framework/concept/import-key-webservice-1.html" /><meta name="DC.relation" scheme="URI" content="../../../administer/key-management-framework/task/kmf_diagnostics.html" /><meta name="DC.relation" scheme="URI" content="../../../administer/key-management-framework/task/check-3des.html" /><meta name="DC.relation" scheme="URI" content="../../../administer/key-management-framework/reference/resource-exchange.html" /><meta name="DC.relation" scheme="URI" content="../../../administer/key-management-framework/concept/infrastructure-security.html" /><meta name="DC.relation" scheme="URI" content="../../../administer/key-management-framework/concept/password-2way-encrypted-fields.html" /><meta name="DC.creator" content="ServiceNow" /><meta name="DC.date.created" content="2023-02-02" /><meta name="DC.date.modified" content="2025-07-31" /><meta name="mini-toc" content="yes" /><meta name="DC.format" content="XHTML" /><meta name="DC.identifier" content="encryption" /><link rel="stylesheet" type="text/css" href="../../../CSS/commonltr.css" /><title>Key Management Framework</title></head><body id="encryption"> <h1 class="title topictitle1" id="ariaid-title1">Key Management Framework</h1> <div class="body conbody"><p class="shortdesc">Use the <span class="ph">Key Management Framework</span> (<span class="ph">KMF</span>) to generate, exchange, store, use, and replace the cryptographic keys used to encrypt and decrypt sensitive data on your <span class="ph">ServiceNow</span> instance.</p> <div class="section" id="encryption__section_u5r_lfl_znb"> <div class="p">Key Management refers to the activities involved in handling your cryptographic keys and related security parameters during the key's life cycle. <span class="ph">Key Management Framework</span> is based on <a class="xref" href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf" target="_blank" rel="noopener noreferrer">National Institute of Standards and Technology (NIST) 800-57</a> guidelines. In accordance with these guidelines, you can use <span class="ph">KMF</span> to:<ul class="ul" id="encryption__ul_uyg_53v_kmb"><li class="li">Assign dedicated roles for cryptographic management and operations, auditing, and integration.</li><li class="li">Create cryptographic modules to configure of cryptographic specifications for unique cryptographic purposes and key types.<ul class="ul" id="encryption__ul_dgq_ptc_snb"><li class="li">Symmetric key: encryption and decryption, key wrapping and unwrapping, and authentication</li><li class="li">Asymmetric key: digital signature generation and verification, encryption and decryption, key wrapping and unwrapping</li></ul> </li><li class="li">Manage your key life cycle to generate, rotate, revoke, and suspend keys, including support of several key life cycle states</li><li class="li">Create module access policies (MAPs) to enforce access controls, to grant access only to users and scripts that you choose.</li><li class="li">Protect your cryptographic keys with the Federal Information Processing Standard (FIPS) 140-2-L3 hardware Root of Trust (RoT), Public Key Infrastructure (PKI), key hierarchy, and envelope encryption.</li><li class="li">Assign the auditing role to users to can then view auditing information such as key usage statistics.</li></ul> </div> </div> <div class="section" id="encryption__section_ucy_yrq_dsb"><h2 class="title sectiontitle">Get started</h2> <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="encryption__table_y4x_cxd_nzb" class="table nav-card" frame="void" border="1" rules="all"><colgroup><col style="width:33.33333333333333%" /><col style="width:33.33333333333333%" /><col style="width:33.33333333333333%" /></colgroup><tbody class="tbody"><tr class="row"><td class="entry nocellnorowborder" style="vertical-align:top;"> <p class="p"><a class="xref" href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/encryption/concept/explore-kmf.html" title="Learn about the components of the Key Management Framework (KMF), and how to use them to manage how cryptographic operations are performed on your instance."><span class="ph nav-card-title">Exploring the Key Management Framework</span><img class="image decorative" id="encryption__image_qvf_wxd_nzb" src="../../../reuse/icons/brand-icons/bus-explore.svg" alt="" /></a></p> <p class="p"><a class="xref" href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/encryption/concept/explore-kmf.html" title="Learn about the components of the Key Management Framework (KMF), and how to use them to manage how cryptographic operations are performed on your instance.">Learn about the components of the Key Management Framework, and how to use them to manage how cryptographic operations are performed on your instance.</a></p> </td><td class="entry nocellnorowborder" style="vertical-align:top;"> <p class="p"><a class="xref" href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/encryption/concept/configure-kmf.html" title="Create and maintain Key Management components to customize and manage how cryptographic operations are performed on your ServiceNow instance."><span class="ph nav-card-title">Configuring the Key Management Framework</span><img class="image decorative" id="encryption__image_nrf_wqz_rcc" src="../../../reuse/icons/brand-icons/bus-sdlc.svg" alt="" /></a></p> <p class="p"><a class="xref" href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/encryption/concept/configure-kmf.html" title="Create and maintain Key Management components to customize and manage how cryptographic operations are performed on your ServiceNow instance.">Create and maintain Key Management components to customize and manage how cryptographic operations are performed on your <span class="ph">ServiceNow</span> instance.</a></p> </td><td class="entry nocellnorowborder" style="vertical-align:top;"> <p class="p"><a class="xref" href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/concept/understanding-kmf.html" title="The Key Management Framework (KMF) API/UX lets you fully customize and manage how cryptographic operations are performed on your ServiceNow instance. The ServiceNow Key Management Framework provides a secure and comprehensive interface for instance-side cryptographic key management services."><span class="ph nav-card-title">Key Management Framework Reference</span><img class="image decorative" id="encryption__image_qvf_wxd_nzc" src="../../../reuse/icons/brand-icons/bus-case-study.svg" alt="" /></a></p> <p class="p"><a class="xref" href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/concept/understanding-kmf.html" title="The Key Management Framework (KMF) API/UX lets you fully customize and manage how cryptographic operations are performed on your ServiceNow instance. The ServiceNow Key Management Framework provides a secure and comprehensive interface for instance-side cryptographic key management services.">Review additional Key Management reference materials</a></p> </td></tr><tr class="row"><td class="entry nocellnorowborder" style="vertical-align:top;"> </td><td class="entry nocellnorowborder" style="vertical-align:top;"> <p class="p"><a class="xref" href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/reference/key-management-actions.html" title="One of the core features of KMF is to provide the capability to manage keys, such as revoking or rotating keys. KMF properly secures sensitive data with the most up-to-date encryption materials and life cycle operations."><span class="ph nav-card-title">Key Management Framework actions</span><img class="image decorative" id="encryption__image_ngm_nsz_rcc" src="../../../reuse/icons/brand-icons/bus-optimize-manage.svg" alt="" /></a></p> <p class="p"><a class="xref" href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/reference/key-management-actions.html" title="One of the core features of KMF is to provide the capability to manage keys, such as revoking or rotating keys. KMF properly secures sensitive data with the most up-to-date encryption materials and life cycle operations.">One of the core features of KMF is to provide the capability to manage keys, such as revoking or rotating keys. KMF properly secures sensitive data with the most up-to-date encryption materials and life cycle operations.</a></p> </td><td class="entry nocellnorowborder" style="vertical-align:top;"> </td></tr></tbody></table> </div> </div> <div class="section" id="encryption__section_phy_rtz_fvb"><h2 class="title sectiontitle">Activation information</h2> <p class="p">The <span class="ph">ServiceNow</span> Platform Encryption subscription bundle is a group commercial entitlement that includes <span class="ph">Key Management Framework</span>, <span class="ph">Field Encryption Enterprise</span>, <span class="ph">Cloud Encryption</span>, and Database Encryption.</p> <p class="p"><span class="ph">Field Encryption Enterprise</span> is the unlimited license of <span class="ph">Field Encryption</span>. The <span class="ph">Field Encryption</span> Enterprise plugin is available with the activation of the com.glide.now.platform.encryption plugin. For details, see <a class="xref" href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/encryption/reference/encryption-sku.html" title="With Key Management, Field Encryption is upgraded at no additional charge to include highly configurable encryption modules. You can also optionally upgrade to the unlimited-use license. Subscribe to the new encryption entitlement bundle, Platform Encryption, which includes Field Encryption Enterprise and Cloud Encryption.">Encryption and Key Management subscription bundle</a>.</p> <div class="note"><span class="notetitle">Note:</span> <span class="ph">KMF</span> doesn’t support domain separation, but can be used with on-premise instances.</div> </div> </div> <div class="related-links"> <ul class="ullinks"><li class="link ulchildlink"><strong><a href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/encryption/concept/explore-kmf.html">Exploring the Key Management Framework</a></strong><br /> Learn about the components of the Key Management Framework (KMF), and how to use them to manage how cryptographic operations are performed on your instance.</li><li class="link ulchildlink"><strong><a href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/encryption/concept/configure-kmf.html">Configuring the Key Management Framework</a></strong><br /> Create and maintain Key Management components to customize and manage how cryptographic operations are performed on your <span class="ph">ServiceNow</span> instance.</li><li class="link ulchildlink"><strong><a href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/concept/understanding-kmf.html">Key Management Framework Reference</a></strong><br /> The <span class="ph">Key Management Framework</span> (KMF) API/UX lets you fully customize and manage how cryptographic operations are performed on your <span class="ph">ServiceNow</span> instance. The <span class="ph">ServiceNow</span> <span class="ph">Key Management Framework</span> provides a secure and comprehensive interface for instance-side cryptographic key management services.</li><li class="link ulchildlink"><strong><a href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/reference/key-management-actions.html">Key management actions</a></strong><br /> One of the core features of KMF is to provide the capability to manage keys, such as revoking or rotating keys. KMF properly secures sensitive data with the most up-to-date encryption materials and life cycle operations.</li><li class="link ulchildlink"><strong><a href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/concept/import-key-webservice-1.html">Import a key from a web service</a></strong><br /> Securely upload an external customer key onto your instance using import a key from a web service (for example the key REST API). Both symmetric and asymmetric public keys can be imported into a targeted <span class="ph">KMF</span> cryptographic module.</li><li class="link ulchildlink"><strong><a href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/task/kmf_diagnostics.html">Key Management Framework Health</a></strong><br /> Access on-demand health status information for the <span class="ph">Key Management Framework</span>. Warning and malfunction errors contain a detailed message.</li><li class="link ulchildlink"><strong><a href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/task/check-3des.html">Prepare your instance for GlideEncrypter deprecation</a></strong><br /> Use an instance scan script to find and remove GlideEncrypter API calls on your instance. Removing these calls is a necessary step in deprecating 3DES encryption on your instance.</li><li class="link ulchildlink"><strong><a href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/reference/resource-exchange.html">Key Management Framework Resource Exchange</a></strong><br /> <span class="ph">ServiceNow®</span> <span class="ph">Resource Exchange</span> is a <span class="ph">KMF</span> feature that gives you the capability to exchange resources between instances in a secure manner.</li><li class="link ulchildlink"><strong><a href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/concept/infrastructure-security.html">Infrastructure Security</a></strong><br /> Use Infrastructure security tools to create, upload, and manage certificates your instance uses to encrypt traffic from client to server.</li><li class="link ulchildlink"><strong><a href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/key-management-framework/concept/password-2way-encrypted-fields.html">Password2 encryption with the Key Management Framework (KMF)</a></strong><br /> Supported by the <span class="ph">Key Management Framework</span>, use the <span class="ph">Password2</span> (2-way encrypted) field type to encrypt and decrypt custom fields with segregation of duties, key protection, and life-cycle management. It works in accordance with NIST 800-57 guidelines and provides FIPS 140-2-L3 protection.</li></ul> <div class="familylinks"> <div class="parentlink"><strong>Parent Topic:</strong> <a class="link" href="https://servicenow.com/docs/bundle/yokohama-platform-security/page/administer/security/concept/encryption-landing.html" title="Protect your sensitive data and stay compliant with regulatory requirements and standards.">Encryption</a></div> </div> </div></body></html></div>