Hi @chandan2212 ,

This is generally not recommended or directly possible purely with a client-side script in ServiceNow.  

• Passwords should never be encrypted or handled on the client side. Any JavaScript encryption on the browser can be trivially bypassed by a malicious user.

• There is no supported/good way to "convert" a Masked variable to an encrypted Password variable from a client script. You must define the variable as type "Password (2 Way Encrypted)" from the start.

• If you need true two-way password encryption—where the value can be both encrypted and decrypted—you cannot achieve this using only client scripts, as these run in the browser and cannot perform secure encryption. Security best practice is to handle encryption/decryption strictly on the server side.

• No Direct Client-Side Decryption: You cannot decrypt a "Password (2-way encrypted)" field using client script directly in the browser for security reasons. Decryption should always happen on the server side (e.g., in a Business Rule, Script Include, or Flow Designer Script Action) when needed. 

• Client scripts cannot convert a masked value to two-way encrypted password and cannot perform true encryption in the browser.

The Correct Approach: Using a Server-Side Component (Script Include or Business Rule) with a Catalog Client Script.

The typical and secure way to handle this is to capture the masked input on the client side, send it to the server, and then use a server-side script to perform the 2-way encryption and store it in your "Password (2-way encrypted)" variable.

1. Create your variable in catalog item

2. Password (2-way encrypted) variable (Read only, hidden true)

Create a Script Include 

var PasswordEncryptionUtil = Class.create();
PasswordEncryptionUtil.prototype = Object.extendsObject(AbstractAjaxProcessor, {
    encryptPassword: function() {
        var clearTextPassword = this.getParameter('passwordToEncrypt');
        var encrypter = new GlideEncrypter();
        var encryptedPassword = encrypter.encrypt(clearTextPassword);
        return encryptedPassword;
    },

    type: 'PasswordEncryptionUtil'
});

This script will listen for changes in your u_masked_password_input variable, send its value to the server, and then populate your u_encrypted_password_for_flow variable.

Client Script

function onChange(control, oldValue, newValue, isLoading) {
    if (isLoading || newValue === '') {
        // If the form is loading or the new value is empty, clear the encrypted field and exit
        g_form.setValue('u_encrypted_password_for_flow', '');
        return;
    }

    // Call the server-side Script Include to encrypt the password
    var ga = new GlideAjax('PasswordEncryptionUtil');
    ga.addParam('sysparm_name', 'encryptPassword');
    ga.addParam('passwordToEncrypt', newValue); // Send the clear-text password from the masked field
    ga.getXMLAnswer(function(response) {
        if (response) {
            // Set the encrypted value to your 2-way encrypted variable
            g_form.setValue('u_encrypted_password_for_flow', response);
        } else {
            console.error('Error encrypting password via GlideAjax.');
        }
    });
}

Once the catalog item is submitted, the u_encrypted_password_for_flow variable will contain the 2-way encrypted password.

Thanks,
Bhimashankar H

-------------------------------------------------------------------------------------------------
If my response points you in the right directions, please consider marking it as 'Helpful' & 'Correct'. Thanks!