How safe is password2 type field used in credentials table for Discovery?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2024 10:46 AM
We want to implement discovery. Understood that credentials table uses password2 type field which can be easily decrypted usings scripts.
So it means its not safe to use this table? If not how to convince customer that its safe?
if its really not safe, should we use external credentials storage?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2024 06:15 PM
for highest safety, best to use role-based authentication giving access to mid. that's what most of our customers do.
the 2-way encryption that you refer to is done through a secret key/decryptor, not everyone can do it - only someone with the admin rights. password2 2-way encryption is a standard approach and it gives protection. see here - https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/administer/key-management-frame...
this is standard problem with all 'stored' passwords by the way.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2024 01:19 AM
Could you please tell what exactly you meant by "role-based authentication giving access to mid"?
Can you share any docs link please.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2024 07:31 AM
Hello @Ram Devanathan1 if you could please reply 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2024 11:39 AM
Adding clarification on the phrase "only someone with admin rights can encrypt/decrypt" for Password2 – there is no role restriction on using PW2. If a field is available for Password2 and Key Management Framework (KMF) is enabled, the field will be encrypted/decrypted.