Key management transactions

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Key Management Transactions

    The Key Management Transactions submodule in ServiceNow provides visibility into all key-related transactions within your instance. Each transaction is characterized by a shared Request ID across multiple request steps, allowing you to track the overall status and individual step details effectively.

    Show full answer Show less

    Key Features

    • Request ID: A unique identifier for the key action, shared across all steps.
    • Request Action: Specifies the key operation being performed.
    • Request Status: Indicates the completion status, including Processing, Completed, or Failed.
    • Key Alias: Alphanumeric identifier for the key.
    • Key Lifecycle State: Reflects the stage of the key based on defined lifecycle states.
    • Request Sequence: Displays the processing order of each request step.
    • Request Step: Shows the current processing stage during key rotation, including various actions like request preparation and integrity checks.
    • Request Step Status: Reports whether each step is Completed or Failed, aiding in troubleshooting.

    Key Outcomes

    ServiceNow customers can efficiently monitor and manage key transactions, ensuring that all steps are completed successfully. In the event of a failure, customers are advised to provide the specific request step details to Customer Service and Support for analysis, facilitating quick resolution and minimizing downtime.

    The Key Management Transactions submodule displays all transactions that have occurred for the keys in your ServiceNow instance.

    • A key transaction is defined by the following:
      • Composed of several request steps.
      • A single Request ID is shared across all request steps.
      • The initial step, request sequence 0, of a transaction provides the current state of the overall transaction.

        As seen in the image below, the initial step 0 has an overall Request Status of Completed.

    • The following can be identified for the transaction by the individual request step:
      • The order of each step in a transaction can be identified by the sequence number for the step.
      • The status of each transaction is visible through the status of the request step.
      • If any steps beyond the initial step fail, the overall transaction has a status of Failed. If all steps are completed, the transaction status is also completed.

    The following screen is a sample of the type of information that displays with a ServiceNow key rotation.

    Displays the key management transactions upon rotation.

    The following table displays the field information available on the Key Managements Transactions page.

    Table 1. Key Management Transactions
    Field Description
    Request ID Unique system-generated Id for the action being performed One request ID is shared across all request steps.
    Request action Displays the action for the key operation being performed.
    Request status
    • Processing: A request has been entered but hasn’t yet been completed.
    • Completed: The request has been completed successfully.
    • Failed: An issue occurred and the process hasn’t been completed.
      Note:
      Contact Customer Service and Support and provide the request number where the failure occurred.
    Key alias Alphanumeric entry.
    Key life-cycle state See Key Management Framework key lifecycle states for definitions.
    Origin
    • ServiceNow key
    • Customer-managed key
    Key version When a key rotates, the version number increments.
    Request sequence Displays the order in which a request is being processed in the system.
    Request step Displays whether a step is being processed in the system during key rotation. The quantity and content of the steps vary based on the type of key operation performed.
    1. request_preparation: Creates a request to trigger and the wrapping and rotation.
    2. request_integrity_check: Validates that the request is legitimate and secure.
    3. request_validation: Validates that there’s a request in progress, only one rotate request can be processed at a time.
    4. attachment_process: Extracts the wrapped key material from the attachment. (Additional step when rotating a Customer Managed key.)
    5. hsm_<key type>_upload: Uploads the wrapped key material to the HSM, KeySecure.
    6. key_metadata_rotate: Generates the new key metadata.
    7. post_rotate_request: Sends a request to perform the key rotation.
    8. post_rotate_response: Response to perform the key rotation based on the request from the customer instance.
    Note:
    Provide the request step to Customer Service and Support to analyze the status progression in case a request step doesn’t complete.
    Request step status
    • Completed: Rotation is successful.
    • Failed: Rotation isn’t successful.
      Note:
      Provide the request step to Customer Service and Support to analyze the status progression in case a request step doesn’t complete.