Configuring External Credential Storage for Discovery
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-16-2020 06:43 AM
Is there anyone out there who has successfully used an external credential storage repository (not CyberArk)? For Discovery, I need to get credentials from a third party vault and store them in the ServiceNow instance.
I've read these docs:
- https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/product/credentials/concept/c_Ex...
- https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/product/credentials/concept/exte...
and I have created a JAR file (that just does some logging for now). I attached the JAR to the mid server. How do I go about executing this JAR so that I can test my code?
- Labels:
-
Discovery
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-20-2020 07:09 AM

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-20-2020 08:08 AM
no that is not true - once the external credential plugin is enabled and you've written the JAR file to communicate with that credential storage system, the mid server will use a pointer, credential ID. The mid server retrieves the credential associated with that credential ID, uses it and returns it back to the external credential storage system. We do not store that credential on the instance nor do we send it to the instance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-27-2020 06:18 PM
Hurray! It works!
Here's what I did:
- Coded up my little CredentialResolver with a main() method based on the demo version in the docs to debug, but calling into the relevant API and retrieving credentials. Debugged until it mostly works.
- Installed the External Credential Storage plugin. (It's free, but has to be installed by ServiceNow?! x^P)
- Created a credential to test with, marking it external.
- Built my jar file.
- Created a jar record for the mid server and attached the jar file. (Mid restarts, synchs jar file.)
- Test credential.
- Bang head on keyboard.
- Tinker with something ineffectual.
- (Repeat steps 6 - 9)
- Modify package of CredentialResolver to package com.snc.discovery;
- (Repeat steps 4 - 6)
- Post good news to community.servicenow.com!
- Tim.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-29-2020 09:34 AM
Thank you so much for your reply! I can only imagine how good it feels to get to that screen. I've gotten through #6, except that the main() method in my jar is just doing some standard logging because I wanted to see when that method was called. So far I haven't been able to see those logs in the mid server.
Also--did you remove all the boilerplate code that was using a properties file to store the credentials?
Side question - did you find yourself using Java/Spring to make calling out to the API easier? Or did you use a simpler way to make the HTTP call?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-07-2020 06:49 AM
Hi Tim, if you have some time, I would really appreciate if you could take a glance at the questions I asked in my first reply. I'm currently still working through this. Thanks for the help so far!