Key management transactions

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Key management transactions

    The Key Management Transactions submodule in ServiceNow Yokohama release provides a detailed view of all key-related transactions in your instance. Each transaction consists of multiple request steps sharing a single Request ID, with the initial step indicating the overall transaction state. The system tracks the progress and status of each step, allowing you to monitor if a key operation succeeds or fails.

    Show full answer Show less

    Key Features

    • Request ID: A unique identifier shared across all steps of a transaction, enabling easy tracking.
    • Request Action and Status: Displays the specific key operation and its current state, such as Processing, Completed, or Failed.
    • Key Alias and Lifecycle State: Shows the alphanumeric alias and current life-cycle state of the key involved.
    • Key Version: Automatically increments when keys rotate, helping you track key changes over time.
    • Request Sequence and Steps: Details the order and type of processing steps (e.g., requestpreparation, requestvalidation, attachmentprocess) involved in key operations. Steps vary based on whether the key is ServiceNow-managed or customer-managed.
    • Request Step Status: Each step is marked as Completed or Failed, providing granular insight into the transaction progress.
    • Support Guidance: In case of failures, providing the Request ID and specific request step to Customer Service and Support facilitates troubleshooting and resolution.

    Practical Benefits

    This submodule enables you to comprehensively audit and troubleshoot key management operations, including rotations, by viewing each transaction’s lifecycle and detailed step statuses. It ensures transparency in key handling processes and helps you quickly identify and escalate issues to ServiceNow support with precise diagnostic information.

    The Key Management Transactions submodule displays all transactions that have occurred for the keys in your ServiceNow instance.

    • A key transaction is defined by the following:
      • composed of several request steps.
      • A single Request ID is shared across all request steps.
      • The initial step, request sequence 0, of a transaction provides the current state of the overall transaction.

        As seen in the image below, the initial step 0 has an overall Request Status of Completed.

    • The following can be identified for the transaction by the individual request step:
      • The order of each step in a transaction can be identified by the sequence number for the step.
      • The status of each transaction is visible through the status of the request step.
      • If any steps beyond the initial step fail, the overall transaction has a status of Failed. If all steps are completed, the transaction status is also completed.

    The following screen is a sample of the type of information that displays with a ServiceNow key rotation.

    Displays the key management transactions upon rotation.

    The following table displays the field information available on the Key Managements Transactions page.

    Table 1. Key Management Transactions
    Field Description
    Request ID Unique system-generated Id for the action being performed One request ID is shared across all request steps.
    Request action Displays the action for the key operation being performed.
    Request status
    • Processing: A request has been entered but hasn’t yet been completed.
    • Completed: The request has been completed successfully.
    • Failed: An issue occurred and the process hasn’t been completed.
      Note:
      Contact Customer Service and Support and provide the request number where the failure occurred.
    Key alias Alphanumeric entry.
    Key life-cycle state See Key Management Framework key life-cycle states for definitions.
    Origin
    • ServiceNow key
    • Customer-managed key
    Key version When a key rotates, the version number increments.
    Request sequence Displays the order in which a request is being processed in the system.
    Request step Displays whether a step is being processed in the system during key rotation. The quantity and content of the steps vary based on the type of key operation performed.
    1. request_preparation: Creates a request to trigger and the wrapping and rotation.
    2. request_integrity_check: Validates that the request is legitimate and secure.
    3. request_validation: Validates that there’s a request in progress, only one rotate request can be processed at a time.
    4. attachment_process: Extracts the wrapped key material from the attachment. (Additional step when rotating a Customer Managed key.)
    5. hsm_<key type>_upload: Uploads the wrapped key material to the HSM, KeySecure.
    6. key_metadata_rotate: Generates the new key metadata.
    7. post_rotate_request: Sends a request to perform the key rotation.
    8. post_rotate_response: Response to perform the key rotation based on the request from the customer instance.
    Note:
    Provide the request step to Customer Service and Support to analyze the status progression in case a request step doesn’t complete.
    Request step status
    • Completed: Rotation is successful.
    • Failed: Rotation isn’t successful.
      Note:
      Provide the request step to Customer Service and Support to analyze the status progression in case a request step doesn’t complete.