Configuring External Credential Storage for Discovery

Megan28
Kilo Contributor

Is there anyone out there who has successfully used an external credential storage repository (not CyberArk)? For Discovery, I need to get credentials from a third party vault and store them in the ServiceNow instance.

I've read these docs:
- https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/product/credentials/concept/c_Ex...
- https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/product/credentials/concept/exte...

and I have created a JAR file (that just does some logging for now). I attached the JAR to the mid server. How do I go about executing this JAR so that I can test my code?

10 REPLIES

I'm trying to integrate a 3rd party external cred vault so SN Discovery can use those creds. I assumed once obtaining those creds via the mid server that they are stored in an SN instance per this diagram from the docs:
[Image: diagram from the docs]

Ryan Zulli
ServiceNow Employee

No, that is not true. Once the external credential plugin is enabled and you've written the JAR file to communicate with that credential storage system, the MID Server will use a pointer, the credential ID. The MID Server retrieves the credential associated with that credential ID, uses it and returns it back to the external credential storage system. We do not store that credential on the instance nor do we send it to the instance.

tim_broberg
ServiceNow Employee

Hurray! It works!

Here's what I did:

  1. Coded up my little CredentialResolver with a main() method based on the demo version in the docs to debug, but calling into the relevant API and retrieving credentials. Debugged until it mostly works.
  2. Installed the External Credential Storage plugin. (It's free, but has to be installed by ServiceNow?! x^P)
  3. Created a credential to test with, marking it external.
  4. Built my jar file.
  5. Created a jar record for the mid server and attached the jar file. (Mid restarts, synchs jar file.)
  6. Test credential.
  7. Bang head on keyboard.
  8. Tinker with something ineffectual.
  9. (Repeat steps 6 - 9)
  10. Modify package of CredentialResolver to package com.snc.discovery;
  11. (Repeat steps 4 - 6)
  12. Post good news to community.servicenow.com!

    - Tim.
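
A sketch of the kind of resolver steps 1 and 10 above describe, added here as an example; it is not code from any poster or from ServiceNow. The `resolve(Map)` entry point, `getVersion()` and the `"id"`, `"user"` and `"pswd"` map keys are assumed from the demo resolver in the docs and should be checked against the docs for your release; the `Vault` interface, the stand-in lookup and the credential ID `test-cred-01` are hypothetical and constructed.

```java
package com.snc.discovery; // the package step 10 above changes the class to

import java.util.HashMap;
import java.util.Map;

public class CredentialResolver {
    // Map keys assumed from the demo resolver in the docs; verify for your release.
    static final String ARG_ID = "id";
    static final String VAL_USER = "user", VAL_PSWD = "pswd";

    /** Hypothetical seam for the third-party vault client: returns {user, password}. */
    interface Vault { String[] fetch(String credentialId) throws Exception; }

    // Constructed stand-in so the class runs offline; replace with the real vault call.
    private final Vault vault = id -> {
        if (!"test-cred-01".equals(id)) throw new IllegalArgumentException("unknown credential ID");
        return new String[] { "svc_discovery", "constructed-sample-secret" };
    };

    /** Receives the credential ID and returns the credential values to the caller. */
    public Map<String, String> resolve(Map<String, String> args) {
        String id = args.get(ARG_ID);
        if (id == null || id.isEmpty()) throw new RuntimeException("no credential ID supplied");
        try {
            String[] cred = vault.fetch(id);
            Map<String, String> result = new HashMap<>();
            result.put(VAL_USER, cred[0]);
            result.put(VAL_PSWD, cred[1]);
            return result;
        } catch (Exception e) {
            // Name the credential ID only; keep the secret out of messages and logs.
            throw new RuntimeException("vault lookup failed for credential ID " + id, e);
        }
    }

    public String getVersion() { return "1.0"; }

    // Local debug harness (step 1): run from the command line before attaching the JAR.
    public static void main(String[] argv) {
        Map<String, String> args = new HashMap<>();
        args.put(ARG_ID, argv.length > 0 ? argv[0] : "test-cred-01");
        Map<String, String> out = new CredentialResolver().resolve(args);
        // Print the password length, not its value, so test runs leave no secret behind.
        System.out.println("user=" + out.get(VAL_USER) + " pswd.length=" + out.get(VAL_PSWD).length());
    }
}
```

The `main()` method exists only for local debugging from the command line; any logging added to `resolve()` should record the credential ID and outcome, never the returned values.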

Thank you so much for your reply! I can only imagine how good it feels to get to that screen. I've gotten through #6, except that the main() method in my jar is just doing some standard logging because I wanted to see when that method was called. So far I haven't been able to see those logs in the mid server.

Also--did you remove all the boilerplate code that was using a properties file to store the credentials?

Side question - did you find yourself using Java/Spring to make calling out to the API easier? Or did you use a simpler way to make the HTTP call?

Hi Tim, if you have some time, I would really appreciate if you could take a glance at the questions I asked in my first reply. I'm currently still working through this. Thanks for the help so far!