Description
Script includes with protected policy are encrypted on install (outside of zboot/upgrade by non-maint users) and decrypted before execution. If a script include has a protection policy as protected, then the data in the script is encrypted on the instance when the script gets installed (e.g. from the ServiceNow Store, or a plugin). The protected script is encrypted with Triple Data Encryption Standard (3DES).
Starting from Washington release, the protected script is encrypted with Advanced Encryption Standard (AES) algorithm by default. In some clone scenarios, the protected script include decryptions are failing. In such cases, below workaround can be used.
Steps to Reproduce
- Clone an instance to Washington release
- Execute a protected script includes after clone.
Workaround
Set the property sn_kmf.protected_script_encrypter.use.newkey to false.
Related Problem: PRB1734388
