Configuring client accessible secrets
Learn how to configure your instance to use client accessible secrets.
Use this example implementation to configure Secrets Management without using proxies or giving ServiceNow access to your decrypted data.
For more detail on using client-side Secrets Management to manage access to passwords and groups, see Understanding client side Secrets Management.
These instructions assume you have a MID Server configured on your local network. For information on this process, see MID Server.
Process overview
1. Create encryption keys and certificate
   Create encryption keys and a certificate using terminal commands on your local environment.
2. Add your certificate to the ServiceNow Trusted Key Store
   Upload your key and certificate to the ServiceNow Trusted Key Store.
3. Create a secret group with criteria
   Create a group for your secrets. Secret groups organize your secrets so that you can apply access policies to them at the group level. Then associate your secret group with an identity group, and add your MID Server to that identity group.
4. Upload the public/private keypair to the MID Server
   Upload your public/private keypair to your MID Server. This keypair enables the MID Server to handle authentication requests from your instance.
5. Create credentials and test credential encryption
   Create a credential to authenticate to a third-party system, and test that ServiceNow can't access the credential.
6. Configure Flow Designer to manage the integration
   On your instance, use Workflow Studio to manage an integration between your local network and your instance.
7. Test the end-to-end client-side encrypted secrets integration
   Test your integration, and review the execution details to confirm your configuration is working.