
Lockbox - How To Guide

This document covers installation of the application, including a default configuration of the “incident” table that allows you to enter secure data and control access to that data via an ITIL role policy. The ITIL role is used for demo purposes only; in this case we are assuming ITIL users are the ones allowed to see secure data. As always, consult with your internal security team on proper procedures for secure data access.

1. Let’s Set Up the Key Management Administration

To proceed, the “security_admin” role is required to access this page. Access to this module is required because we’ll be creating a new key management crypto module along with access policies.

Navigate to the “ALL” menu filter navigator, and search “Key Management”. Select “Key Management Administration”.

Step 1 screenshot

2. Select the user account that will configure the module and access policies.


In this demo, we’re using the System Administrator account to grant access to the Key Management Framework.

Pick the account as shown and “Save” the record. After saving, navigate back to your ServiceNow platform homepage.

Step 2 screenshot

3. Let’s Set Up the Crypto Module and Access Policies

Back on the ServiceNow platform home page, navigate to your filter navigator and type “Key Management”. Click “Create New”.

Step 3 screenshot

Remember, we are starting with the incident table for this data, so we’re calling this module “incident_data”. Note that the name has to be all one word and lowercase; you may use underscores.

Configure the other fields as shown.

Step 4 screenshot

Step 5 screenshot

Click the “New” button. Confirm you are on the “Crypto Specifications” tab.

Step 6 screenshot

7. For each section, we’ll enter the details as shown in the screenshots.

After setting the following values as shown, click “Next”.

Step 7 screenshot

Choose the AES 256 CBC algorithm. After confirming, choose “Next”.

Step 8 screenshot

For the “Key Alias”, choose a name to identify the source. We chose “lockbox” so we know the app is using that module to encrypt our secure entries. After the name is set, choose “Next”.

Step 9 screenshot

Click on “Generate Key” and “Save”. Once you generate a key, this setup action is complete. Continue back to the home page for the access policy configuration.

Step 10 screenshot

11. On the home page, in the filter navigator, type “Key Management”. You will see a list of options.

Choose “All” under the Module Access Policies.

Step 11 screenshot

Step 12 screenshot

Configure your access policy as shown.

Step 13 screenshot

Once you have confirmed the configuration, save the record.

Step 14 screenshot

ℹ️ NOTE! We are configuring the “incident” table for this product setup/demo. You may create an entry for any table you desire by repeating the steps below.

15. Set Up the Table Configuration within the LockBox Application.

This will enable the UI Action (button) to be displayed on the incident table. Type “LockBox” in the filter navigator, then select “Table Configuration”.

Step 15 screenshot

Step 16 screenshot

Select “incident” as the source table. Confirm the record is “active” (box is checked).

Step 17 screenshot

18. Select the Crypto Module to be associated with the table configuration.

This is important: you must select the same module you created in steps 3 - 5.

Step 18 screenshot

19. Click on the UI Action Preferences Section

Check “Show Form Button”. Submit the record.

Step 19 screenshot

In your filter navigator, navigate to the incident list.

Step 20 screenshot

21. Find an “active” (open) incident.

Once you have opened an incident, you will notice the new button named “LockBox”.

Step 21 screenshot

Once you have the modal open, you may type your sensitive information, which will be stored securely within an encrypted record.

Step 22 screenshot

Type a message you would like secured. Choose Submit when done.

Step 23 screenshot

⛔️ NOTE: You cannot view the saved data until we complete the next steps, which set up a new access policy that grants users with the ITIL role access to view the secure data. For this demo we are choosing the ITIL role. Confirm with your System Administration or Security team which role needs access to view the secure data.

Search “Key Management” in your filter navigator. Find the “All” menu option under the Module Access Policies.

Step 24 screenshot

Step 25 screenshot

In this example, we are setting the ITIL role to be able to access the secure entries under our ‘lockbox_incident_data’ module. Once you have configured the record as shown below, submit the record.

Step 26 screenshot

⛔️ NOTE: Since you have modified access policies, you must log out of ServiceNow and log back in for the access to take effect.

27. Let’s revisit our previous incident.

Once you have logged out of ServiceNow and reauthenticated, you may navigate back to the previous incident where we stored our new secure message.

On the incident record you previously added a new entry to, confirm you have a tab/list of “LockBox Data Items” at the bottom of the record as shown.

Step 28 screenshot

⚠️ If the related list does not show the LockBox Data Items as shown above, please follow the configuration steps found here: https://docs.servicenow.com/bundle/vancouver-platform-user-interface/page/use/using-forms/task/t_SelectRelatedRecords.html

The list name will be “LockBox Data Items”.

29. Find the most recent entry to view the record/data that you have saved.

Note: Access to view this record depends on the module access policies. By default, no one has access to the record. We fixed that by configuring the ITIL Access Policy above. You must repeat this process for any custom role or access policy you would like to grant.

Step 29 screenshot

You can see the secure data is now available to the user viewing the record with the ITIL role, as required by the access policy we set up previously.

Step 30 screenshot

ℹ️ Note: The access logs will help show who has viewed that record. The data is hidden in the demo for privacy reasons.