AWS Credentials from External Credential Store

Colin C1
Kilo Contributor

Hello All,

I am working on implementing the external credential store JAR file. I have it working for Windows and Linux username and password and private key authorization. I am also trying to implement AWS credentials using the JAR file; however, I am not sure how this will work. When I retrieve a username, there is a variable defined in the Java code on the doc site called VAL_USER, and that is where I store the username. Pretty simple and straightforward; same with the password or private key, they go in one of the variables provided in the code on the docs site.

AWS credentials, however, do not use a username and password; they require an access key ID and secret access key. What variables can I store the access key ID and secret access key in for ServiceNow to be able to use an AWS credential via the external credential store? This also leads to the bigger question of whether or not AWS credentials can be used by an external credential store other than CyberArk.

Thanks,

Colin Christie

1 ACCEPTED SOLUTION

robertgeen
Tera Guru

Hello,

I would check out https://docs.servicenow.com/bundle/jakarta-servicenow-platform/page/product/discovery/concept/external_cred_storage_configuration.html

If you look at the example file you can see that it appears only the following are supported:

#TYPE is one of 
#ssh_password
#ssh_private_key
#snmp
#snmpv3
#vmware
#windows
#mssql
#cim

I believe the reason for this is that AWS makes API calls directly from the instance to AWS to pull back the information. As such, it never actually uses the MID Server to pull a credential.
I think the answer to this is simply that it can't be stored and pulled from a third-party credential store. Please mark as correct if this turns out to be true.

6 REPLIES

Hi Tom,

Can you please share a step-by-step guide of how you configured this?

Regards

Hetal

Hi Hetal, the fix is pretty simple. We need to use the existing user and pswd attributes for this. Please find it below. The permissible strings come from the interface IExternalCredential.java.

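// Fragment from inside the resolver method; needs java.util.Map and java.util.HashMap.
// The AWS access key ID is returned in the user field and the secret access key in the password field.
Map<String, String> result = new HashMap<String, String>();
result.put(VAL_USER, awsAccessKey);
result.put(VAL_PSWD, awsSecretKey);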