PowerShell Activity encrypted password

garylfry
Tera Contributor

I am having problems trying to use an encrypted password in a PowerShell Activity. I need to pass a Password into my PowerShell script which is used to access external systems such as SCCM, SCOM and vSphere. I am also testing Terraform which has to take the password and inject it into the Terraform plan. So once the password is in PowerShell it will be plain text, but I cannot figure out the process to have it encrypted until it reaches that point. I tried using input variables for the workflow and setting everything encrypted, but when I run the workflow the Password variable input is greyed out. If I make it string then I can type in the field but it is clear text and not masked. I tried creating Basic Authentication Creds in ServiceNow but any documentation I read shows how to create creds and not how to use or access them. I am a new user in ServiceNow so just going off the ServiceNow help, documentation and other web searches but having no luck.

Also, I saw something called tagging which made it seem like you could run the whole PowerShell script with the credentials that had that tag name but I could not get that to work. I am proficient in CA Process Automation and trying to move some of my orchestration into ServiceNow and CA Process Automation will use the creds you enter and run the command process with those creds which allows every command in the script to run under those creds. So I would like to see if ServiceNow can do that as well.

 So to summarize, I need to find out best practices for sending a password into a PowerShell script to be used as a variable, and if there is a way to have the whole PowerShell script run under certain creds and not have to pass a variable.

 

3 REPLIES

Sebastian Roeme
Kilo Explorer

One of my customers is using ScriptRunner to store the PowerShell credentials in the Windows credential store. You don't need to work with credentials in the PowerShell script at all. Just look for ScriptRunner and PowerShell and you will find their website.

brian_degroot
ServiceNow Employee

Something like this should work:

var password = "mypassword";
var probe = new SncProbe();
// Usual probe stuff - topic, name, source, etc...
probe.addEncryptedParameter("password", password);

Then, you could use this in a PowerShell script by first importing the parameter:
$password=$env:SNC_password;

Then you could use '$password' in place of the actual plaintext password.
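
An added example, not part of the reply above or of any ServiceNow code: one way for the script to turn $env:SNC_password into a credential object and keep the plaintext from reaching later child processes. It assumes the variable is set as the reply describes; Get-SncCredential, the account name and the Terraform variable admin_password are hypothetical.

```powershell
# Constructed sample value so the block runs stand-alone. In a real run the
# variable is already present, as described in the reply above.
$env:SNC_password = 'constructed-sample-only'

function Get-SncCredential {
    # Hypothetical helper: builds a PSCredential from the decrypted parameter.
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [string] $VariableName = 'SNC_password'
    )
    $plain = [Environment]::GetEnvironmentVariable($VariableName, 'Process')
    if ([string]::IsNullOrEmpty($plain)) {
        # The variable name is safe to report; the value never is.
        throw "Environment variable $VariableName is not set."
    }
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    # Remove the plaintext copy so processes started later (terraform.exe,
    # other tools) do not inherit it through the environment block.
    Remove-Item "Env:\$VariableName" -ErrorAction SilentlyContinue
    New-Object System.Management.Automation.PSCredential ($UserName, $secure)
}

$cred = Get-SncCredential -UserName 'CONTOSO\svc-orchestration'   # constructed account name

# Pass the object to cmdlets that accept -Credential instead of a password string:
#   Invoke-Command -ComputerName $server -Credential $cred -ScriptBlock { ... }

# Where a tool only takes plaintext, hand it over through the environment for
# that one call and clear it straight after. Terraform reads variables from
# TF_VAR_<name>; 'admin_password' is a hypothetical variable name.
try {
    $env:TF_VAR_admin_password = $cred.GetNetworkCredential().Password
    # & terraform plan
}
finally {
    Remove-Item Env:\TF_VAR_admin_password -ErrorAction SilentlyContinue
}

# Neither variable is left in the environment, and the credential prints
# without revealing the password.
"SNC_password still set: $([bool]$env:SNC_password)"
"Credential user: $($cred.UserName); password type: $($cred.Password.GetType().Name)"
```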

 

Oleg4
Kilo Contributor

If anyone here is trying to use the PowerShell step from IntegrationHub and wants to know how to pass sensitive data into the script as a variable, see https://docs.servicenow.com/bundle/paris-servicenow-platform/page/product/mid-server/reference/mid-s...

Just encrypt it via the AutomationAPI and send it over to the PowerShell step as if it were a string. Once it gets to the MID server, it will automatically get decrypted. 

// Script Step to encrypt the password:
var automation_api = new sn_automation.AutomationAPI();
var password = 'super secret';
var encrypted_password_str = automation_api.encrypt(password) + '';

// send encrypted_password_str to the PowerShell step as an input variable