Key management transactions

  • Release version: Xanadu
  • Updated August 1, 2024
    The Key Management Transactions submodule displays all transactions that have occurred for the keys in your ServiceNow instance.

    • A key transaction is defined by the following:
      • It is composed of several request steps.
      • A single Request ID is shared across all request steps.
      • The initial step, request sequence 0, of a transaction provides the current state of the overall transaction.

        As seen in the image below, the initial step 0 has an overall Request Status of Completed.

    • The following can be identified for the transaction by the individual request step:
      • The order of each step in a transaction can be identified by the sequence number for the step.
      • The status of each transaction is visible through the status of the request step.
      • If any steps beyond the initial step fail, the overall transaction has a status of Failed. If all steps are completed, the transaction status is also Completed.

    The following screen is a sample of the type of information that displays with a ServiceNow key rotation.

    [Figure: Displays the key management transactions upon rotation.]

    The following table displays the field information available on the Key Management Transactions page.

    Table 1. Key Management Transactions

    Field: Request ID
    Description: Unique system-generated ID for the action being performed. One request ID is shared across all request steps.

    Field: Request action
    Description: Displays the action for the key operation being performed.

    Field: Request status
    Description:
    • Processing: A request has been entered but hasn’t yet been completed.
    • Completed: The request has been completed successfully.
    • Failed: An issue occurred and the process hasn’t been completed.
      Note:
      Contact Customer Service and Support and provide the request number where the failure occurred.

    Field: Key alias
    Description: Alphanumeric entry.

    Field: Key life-cycle state
    Description: See Key Management Framework key lifecycle states for definitions.

    Field: Origin
    Description:
    • ServiceNow key
    • Customer-managed key

    Field: Key version
    Description: When a key rotates, the version number increments.

    Field: Request sequence
    Description: Displays the order in which a request is being processed in the system.

    Field: Request step
    Description: Displays whether a step is being processed in the system during key rotation. The quantity and content of the steps vary based on the type of key operation performed.
    1. request_preparation: Creates a request to trigger the wrapping and rotation.
    2. request_integrity_check: Validates that the request is legitimate and secure.
    3. request_validation: Validates that there’s a request in progress. Only one rotate request can be processed at a time.
    4. attachment_process: Extracts the wrapped key material from the attachment. (Additional step when rotating a Customer Managed key.)
    5. hsm_<key type>_upload: Uploads the wrapped key material to the HSM, KeySecure.
    6. key_metadata_rotate: Generates the new key metadata.
    7. post_rotate_request: Sends a request to perform the key rotation.
    8. post_rotate_response: Response to perform the key rotation based on the request from the customer instance.
    Note:
    Provide the request step to Customer Service and Support to analyze the status progression in case a request step doesn’t complete.

    Field: Request step status
    Description:
    • Completed: Rotation is successful.
    • Failed: Rotation isn’t successful.
      Note:
      Provide the request step to Customer Service and Support to analyze the status progression in case a request step doesn’t complete.
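
The status rules above can be checked mechanically when auditing exported transaction rows. The following is an added example, not ServiceNow code: it groups rows by Request ID, applies the page's rule for the overall status, and flags transactions whose sequence 0 status disagrees with their steps. The property names, the sample rows, and the assumption that sequence numbers run contiguously from 0 are all constructed for illustration.

```javascript
// Constructed sample rows; property names are assumptions modelled on Table 1.
const row = (requestId, sequence, step, stepStatus, requestStatus) =>
  ({ requestId, sequence, step, stepStatus, requestStatus });
const rows = [
  row("REQ-A", 0, "request_preparation", "Completed", "Completed"),
  row("REQ-A", 1, "request_integrity_check", "Completed", "Completed"),
  row("REQ-A", 2, "request_validation", "Completed", "Completed"),
  row("REQ-B", 0, "request_preparation", "Completed", "Failed"),
  row("REQ-B", 1, "request_integrity_check", "Completed", "Failed"),
  row("REQ-B", 2, "request_validation", "Failed", "Failed"),
  row("REQ-C", 0, "request_preparation", "Completed", "Completed"),
  row("REQ-C", 1, "request_integrity_check", "Completed", "Completed"),
  row("REQ-C", 3, "key_metadata_rotate", "Completed", "Completed"), // sequence 2 missing
];

function summarizeTransactions(allRows) {
  // All request steps of one transaction share a single Request ID.
  const byId = new Map();
  for (const r of allRows) {
    if (!byId.has(r.requestId)) byId.set(r.requestId, []);
    byId.get(r.requestId).push(r);
  }
  const summaries = [];
  for (const [requestId, steps] of byId) {
    steps.sort((a, b) => a.sequence - b.sequence);
    const head = steps.find((s) => s.sequence === 0); // carries the overall status
    const failed = steps.find((s) => s.sequence > 0 && s.stepStatus === "Failed");
    // Page rule: a failed step beyond the initial one => Failed; all completed => Completed.
    let derived = "Processing";
    if (failed) derived = "Failed";
    else if (steps.every((s) => s.stepStatus === "Completed")) derived = "Completed";
    // Assumption: sequences are contiguous from 0, so a gap means a missing row.
    const hasGap = steps.some((s, i) => s.sequence !== i);
    summaries.push({
      requestId,
      reported: head ? head.requestStatus : null,
      derived,
      // The Request ID plus this step is what the page says to give to support.
      failedStep: failed ? `${failed.sequence}:${failed.step}` : null,
      needsReview: !head || hasGap || head.requestStatus !== derived,
    });
  }
  return summaries;
}

console.log(summarizeTransactions(rows));
```

A transaction marked `needsReview` is one where the exported rows do not tell a consistent story (missing sequence 0, a gap in the sequence, or a reported status that differs from the step-derived one) and should be compared against the instance before it is relied on for audit.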