Secure Handling of Password Variable in Catalog Item
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi,
I have a requirement around securely handling a password field in a Service Catalog item and would appreciate guidance on best practices.
Secure Password Handling (No Visibility Anywhere)
I have created a masked (password) variable in a catalog item.
However, I want to ensure:
The password should not be visible anywhere, including backend tables.
It should not be manually accessible by any user (including via scripts/UI).
The value should only be:
Used by the system at runtime
Transferred securely to an external tool via integration
It should remain encrypted at all times (at rest and in transit)
👉 My question: What is the recommended/secure approach in ServiceNow to achieve this?
Should I use Password2 variable type, Credential Store, or any other mechanism?
How can I ensure the value is not persisted or exposed in tables like sc_item_optionHi,
I have a requirement around securely handling a password field in a Service Catalog item and would appreciate guidance on best practices.
Secure Password Handling (No Visibility Anywhere)
I have created a masked (password) variable in a catalog item.
However, I want to ensure:
The password should not be visible anywhere, including backend tables.
It should not be manually accessible by any user (including via scripts/UI).
The value should only be:
Used by the system at runtime
Transferred securely to an external tool via integration
It should remain encrypted at all times (at rest and in transit)
👉 My question: What is the recommended/secure approach in ServiceNow to achieve this?
How can I ensure the value is not persisted or exposed in tables like sc_item_option?
