Getting decrypted value from Password2 field

Dominik6
Kilo Explorer

‎03-23-2021 10:58 AM

Hi all!

Currently, I'm facing with problem with Password (2 way encrypted), because I'd like to store credentials in Credentials table, and I'm populating that table when my custom table is updated, so I decided to use business rules for that. 

Everything works fine, but when I want to get password value and pass into my REST script, I'm not able to decrypt it. I'm working in my custom scope, so I cannot use GlideEncryptor. 

There is any chance to decrypt that value in fly or in code?

Labels:
0 Helpfuls
  • 10,422 Views
8 REPLIES 8

gana2
Tera Contributor

‎01-24-2024 06:00 AM

@Ankur Bawiskar ,

As GlideEncrypter() API is Deprecating, the ServiceNow KB article suggested  to use getDecryptedValue() to 

decrypt it is working if we are trying to decrypt the glided Field but if we are trying to decrypt the system property we are getting undefined 
var dec1 = gs.getProperty('glide.user.default_password').getDecryptedValue();
Could you please let me know is there any alternative method to decrypt and encrypt with out using GlideEncrypter() API 
Thanks,
Ganasekhar
0 Helpfuls

Jyoti_D_kamthe1
Tera Contributor

‎01-24-2024 08:20 AM

Hi @Dominik6 ,

If you are working in a custom scope and cannot use GlideEncryptor to decrypt the password value directly, you might need to use a workaround. ServiceNow recommends using the Password Reset feature for such scenarios, but you can also consider the following approach:

 

var credAccessor = new sn_credential.CredentialsAccessor();
var cred = credAccessor.getDecryptedValue('your_credential_sys_id');
gs.info('Decrypted Password: ' + cred.password);

 

ServiceNow provides a Credential Store API that you can use to retrieve decrypted credentials. You can use the CredentialsAccessor API to get the decrypted values.

Replace 'your_credential_sys_id' with the Sys ID of the credential record you want to retrieve.

Create a Script Include to encapsulate the logic for retrieving the decrypted password. Then, you can call this Script Include from your business rule or script.

Example:

 

// Script Include: Decryptor
var Decryptor = Class.create();
Decryptor.prototype = {
   initialize: function() {},

   getDecryptedPassword: function(credentialSysId) {
      var credAccessor = new sn_credential.CredentialsAccessor();
      var cred = credAccessor.getDecryptedValue(credentialSysId);
      return cred.password;
   },

   type: 'Decryptor'
};

 

In your business rule or script:

 

var decryptor = new Decryptor();
var decryptedPassword = decryptor.getDecryptedPassword('your_credential_sys_id');
gs.info('Decrypted Password: ' + decryptedPassword);

 

Make sure to replace 'your_credential_sys_id' with the actual Sys ID.

Thanks,

Jyoti kamthe

0 Helpfuls

David Hubbard
Tera Guru
In response to Jyoti_D_kamthe1

‎06-05-2025 03:57 AM

Hi there.

 

I appreciate your post was from a while back.

 

On "new sn_credential.CredentialsAccessor()" - I get as error - '"sn_credential" is not defined'.

is this part of base platform (Yokohama) or provided as an installable plugin?  

 

I can't locate any API information for this and can't locate in Application Manager.

 

Plus - are you aware if this can access specialised credential types like "AWS Credential"?

 

Many thanks

David

0 Helpfuls

David Hubbard
Tera Guru
In response to David Hubbard

‎06-05-2025 07:15 AM

Hi

 

I posted this as part of a related question posted in forum here.

 

For my requirement - getting "secret_key" decrypted from "AWS Credential" I resolved this using "sn_cc.StandardCredentialsProvider()" as per documentation link 

 

0 Helpfuls