Credential Store in Service-Now

As part of our continuing effort to share ServiceNow knowledge, this post shows how to store a user name and password in the credential store in ServiceNow.

If you have ‘Discovery’ enabled in your ServiceNow instance, you can save credentials in encrypted form inside Discovery credentials. These credentials can be used to access a third-party tool through ServiceNow features such as Orchestration or Discovery, or for internal use.

This post explains how to store and access a credential using the Discovery credentials feature.

Use case:

Suppose you have to access a third-party tool through ServiceNow (with or without Orchestration). Access to this tool requires a user ID and password, which you have to store in encrypted form and decrypt whenever required.

Solution:

  1. Go to Credentials in the Discovery application
  2. Create an entry for your credentials as shown

  3. Store the sys_id of this credential record in a system property for easy access later
  4. Write a script include that retrieves the credentials and call it wherever you need them, OR use the credentials directly in an Orchestration workflow

Script Include:

    // These methods belong inside the Script Include's prototype object.

    _getAccDetails: function() {
        // Each property returns the sys_id of a credential record stored in step 3
        var priSVC = gs.getProperty("property name"); // primary credentials
        var secSVC = gs.getProperty("property name"); // secondary credentials, if you have them

        // Each is the GlideRecord of the credential record, or null if not found
        var priAcc = this._getRecObj(priSVC);
        var secAcc = this._getRecObj(secSVC);
        var priActive = priAcc !== null && priAcc.active == true;
        var secActive = secAcc !== null && secAcc.active == true;
        var accDetails = '';
        var uid = '';
        var pwd = '';

        // Validation checks: if the primary credential is inactive, use the
        // secondary; if both are inactive (or missing), return an error message
        if (!priActive && !secActive) {
            accDetails = 'error: undefined';
            return accDetails;
        }

        var acc = priActive ? priAcc : secAcc;
        uid = acc.user_name;
        pwd = this._decryptPwd(acc.password);
        accDetails = uid + ' ' + pwd;
        return accDetails;
    },

    _decryptPwd: function(pass) {
        var ge = new GlideEncrypter();
        var thePass = ge.decrypt(pass);
        if (thePass != '') {
            return thePass;
        } else {
            return 'NA';
        }
    },

    _getRecObj: function(id) {
        var rec = new GlideRecord('discovery_credentials');
        // get() returns false when no record matches the sys_id
        if (id && rec.get(id)) {
            return rec;
        }
        return null;
    }

 

That is how you store (encrypt), access and decrypt the password and use it in the right place.

Note that passing the credentials as a string after decryption is not the right way to handle them, so please be careful about where, how and why you use this method.
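To illustrate the caution above, here is an added example (not code from the original post) of the same primary/secondary fallback returning a structured result instead of a space-joined string. The `GlideRecord` and `GlideEncrypter` stubs, the `TABLE` rows and the function names are constructed stand-ins so the logic runs outside an instance.

```javascript
// Constructed stand-ins for ServiceNow's GlideRecord / GlideEncrypter so the
// selection logic runs outside an instance. On an instance, drop these stubs.
var TABLE = {                       // constructed sample rows, keyed by sys_id
  pri: { active: false, user_name: 'svc_primary',   password: 'enc:p@ss one' },
  sec: { active: true,  user_name: 'svc_secondary', password: 'enc:has a space' }
};
function GlideRecord(table) { this.table = table; }
GlideRecord.prototype.get = function (id) {
  var row = TABLE[id];
  if (!row) return false;           // mirrors get(): false when nothing matches
  Object.assign(this, row);
  return true;
};
function GlideEncrypter() {}
GlideEncrypter.prototype.decrypt = function (v) {
  return String(v).replace(/^enc:/, '');   // toy "decryption" for the stub only
};

// Look up one credential record; null (not a sentinel string) when missing.
function getRecObj(id) {
  var rec = new GlideRecord('discovery_credentials');
  return id && rec.get(id) ? rec : null;
}

// Return the first active credential as a structured result, so an error can
// never be parsed as "user password" and a space in the password survives.
function getAccDetails(priId, secId) {
  var candidates = [getRecObj(priId), getRecObj(secId)];
  for (var i = 0; i < candidates.length; i++) {
    var rec = candidates[i];
    if (rec && rec.active == true) {
      var pwd = new GlideEncrypter().decrypt(rec.password);
      if (!pwd) return { ok: false, error: 'decrypt failed' };
      return { ok: true, user: String(rec.user_name), password: pwd };
    }
  }
  return { ok: false, error: 'no active credential' };
}

// What a caller of the space-joined format has to do: split on the space.
// The boundary is lost as soon as the password itself contains one.
function splitJoined(joined) {
  var parts = joined.split(' ');
  return { user: parts[0], password: parts[1] };
}
```

Callers should check `ok` before using the result and should keep the returned object out of logs and work notes.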

If this article was useful or you have any questions, please let us know at consult@inmorphis.com or comment below.
