Credential Store in Service-Now

Credential Store in Service-Now

credential storage SNOW

Credential Store in encrypted form in ServiceNow

In our continuous effort of sharing Service-Now knowledge, this blog will help you in storing your user name and password in credential store in Service-Now.

If you have ‘Discovery’ enabled in your ServiceNow instance then you can save credentials in an encrypted form inside discovery credentials. These credentials can be used to access a 3rd party tool through ServiceNow features such as orchestration/Discovery or can be used for internal use.

This blog will help you in how to store and access the credential using discovery credentials feature.

Use case:

Consider you have to access a 3rd party tool through ServiceNow (with or without using orchestration). Access to this 3rd party tool require userID and password which you have to store in a encrypted form and can be decrypted whenever required.


  1. Go to Credentials in Discovery application
  2. Create entry for your credentials as shown

    Credential storage in ServiceNow

    Credential storage in ServiceNow

  3. Store the sys_id of this record (credential record) in system property for easy access in future
  4. Write a script include to get the credentials and call that script include anywhere to access the credential OR use this credentials directly in orchestration workflow

Script Include:

_getAccDetails: function(){
                      var priSVC = gs.getProperty("property name"); //This will retuen the sys_id of the credentials record which you stored in the property in step number 3
                     var secSVC = gs.getProperty("property name"); //This will retuen the sys_id of the credentials record which you stored in the property (in case you have secondary credentials)

//Both variables are the returned GlideObject

                      var priAcc = this._getRecObj(priSVC);
                      var secAcc = this._getRecObj(secSVC);
                      var accDetails = '';
                      var uid = '';
                      var pwd = '';

                     //Validation checks: if primary credentials is inactive use secondary acc details else if both inactive update with error log

                      if (( == false) && ( == false)){
                                    accDetails = 'error: undefined';
                                    //returning the error message
                                    return accDetails;

                      if( == true){
                                    uid = priAcc.user_name;
                                    pwd = this._decryptPwd(priAcc.password);
                                    accDetails = uid + ' ' + pwd;
                                    return accDetails;

                      if( == false){
                                    uid = secAcc.user_name;
                                    pwd = this._decryptPwd(secAcc.password);
                                    accDetails = uid + ' ' + pwd;
                                    return accDetails;

_decryptPwd: function(pass){
                      var ge = new GlideEncrypter();
                      var thePass = ge.decrypt(pass);
                      if(thePass != ''){
                      return thePass;}
                      else { return 'NA';}

       _getRecObj: function(id){
                      var rec = new GlideRecord('discovery_credentials');
                      if(rec != ''){
                      return rec;}
                      else { return 'NA';}


That’s how you store (encrypt), access and decrypt the password and use it at right place.

Note down that passing the credentials as a string after decryption is not a right way so please be careful on where/how/why to use this method.

If article was useful or you have any query, please let us know at or comment below.

No comments

Leave a reply

Your email is never published nor shared. Required fields are marked *

Are you Human? * Time limit is exhausted. Please reload CAPTCHA.

Pin It on Pinterest

Share This