Unable to import a credential

mpmacconnell
Tera Guru

I have a case where we had to change the password for the account we use for our Windows Discovery and SCOM connectors. For security reasons another team maintains the password and we do a screenshare for the enter the password into the credential.

 

They recently did this in our Production instance and I am trying to move it into our Pre-Production instances. I have the credential open and do the Export XML option. I then go into our Development instance and do the Import XML. When I import it, the credential will not work. It fails a credential test. But in Production that exact same credential passes just fine. Anyone have any ideas why this would not work?

1 ACCEPTED SOLUTION

Tony Chatfield1
Kilo Patron

Hi, if the password is stored in a password1 type encrypted field (IE sys_user password field), then the encryption is 1 way and you cannot decrypt the field, only the system can.
If the field is a password2 type encryption field (like the credentials table password field), then I believe that you can decrypt the field within the instance, but I do not believe that it would be decrypted as part of xml export process and testing in a PDI indicates that the PW is not decrypted during xml export.
I believe that this is correct and expected behaviour, otherwise it would be a security risk,

//docs.servicenow.com/bundle/tokyo-platform-administration/page/administer/reference-pages/reference/r_FieldTypes.html

 

View solution in original post

4 REPLIES 4

Tony Chatfield1
Kilo Patron

Hi, if the password is stored in a password1 type encrypted field (IE sys_user password field), then the encryption is 1 way and you cannot decrypt the field, only the system can.
If the field is a password2 type encryption field (like the credentials table password field), then I believe that you can decrypt the field within the instance, but I do not believe that it would be decrypted as part of xml export process and testing in a PDI indicates that the PW is not decrypted during xml export.
I believe that this is correct and expected behaviour, otherwise it would be a security risk,

//docs.servicenow.com/bundle/tokyo-platform-administration/page/administer/reference-pages/reference/r_FieldTypes.html

 

How do you know what type the credential field is?

You can check the data type via dictionary or Configure > Table