How safe is password2 type field used in credentials table for Discovery?

Suggy
Giga Sage

We want to implement Discovery. We understand that the credentials table uses a password2 type field, which can be easily decrypted using scripts.

So does it mean it's not safe to use this table? If not, how to convince the customer that it's safe?

If it's really not safe, should we use external credentials storage?

Ram Devanathan1
ServiceNow Employee

For highest safety, best to use role-based authentication giving access to mid. That's what most of our customers do.

The 2-way encryption that you refer to is done through a secret key/decryptor; not everyone can do it - only someone with the admin rights. password2 2-way encryption is a standard approach and it gives protection. See here - https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/administer/key-management-frame...

This is a standard problem with all 'stored' passwords, by the way.

Hi @Ram Devanathan1

Could you please tell me what exactly you meant by "role-based authentication giving access to mid"?

Can you share any docs link, please?

Hello @Ram Devanathan1, if you could please reply 🙂

Adding clarification on the phrase "only someone with admin rights can encrypt/decrypt" for Password2: there is no role restriction on using PW2. If a field is available for Password2 and Key Management Framework (KMF) is enabled, the field will be encrypted/decrypted.