Configuring External Credential Storage for Discovery

Megan28
Kilo Contributor

Is there anyone out there who has successfully used an external credential storage repository (not CyberArk)? For Discovery, I need to get credentials from a third party vault and store them in the ServiceNow instance.

I've read these docs:
- https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/product/credentials/concept/c_Ex...
- https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/product/credentials/concept/exte...

and I have created a JAR file (that just does some logging for now). I attached the JAR to the mid server. How do I go about executing this JAR so that I can test my code?

10 REPLIES 10

tim_broberg
ServiceNow Employee
ServiceNow Employee

I have not, but I'm working on it right now.

To my understanding, you need to

  • upload the jar file to the instance to be synch'ed to all the mids (warning, this restarts all the mids immediately)
  • install the external credential plugin
  • configure the instance to recognize your external credential
  • create a credential on the instance, and check the external credential box

I don't really know if you need to somehow identify the package of your CredentialResolver.

I do know somebody who applied the Beyond Trust Power Broker Password Safe external credential store, and I will forward this to him for comment.

Let's keep each other posted on our progress.
    - Tim.

@tim.broberg  This detail is/would be super helpful - as your work progresses, please share key learnings.   Thycotic is another external store w/o a plugin as you know, and we're confronted with same challenges... how to architect/build/deploy all the required bits for a custom integration to an external store.    Please & Thank you 🙂

Thank you for this reply. Would love to hear if you've made any progress so far.

Also, this example was sent to me. Maybe it's helpful to you.

- Megan

Ryan Zulli
ServiceNow Employee
ServiceNow Employee

Just to clarify, you're asking if its possible for servicenow to query your 3rd party external cred vault for its credentials, and then "store" them in the credential table within Servicenow?

or are you trying to just integrate a 3rd party external cred vault with SN Discovery so can use those passwords?