Password (2 Way Encrypted) design considerations

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Password (2 Way Encrypted) Design Considerations

    This content outlines the design considerations for using Password (2 Way Encrypted) data within ServiceNow's Flow Designer. It provides guidelines on how to store, manage, and utilize encrypted password data securely in workflows.

    Show full answer Show less

    Key Features

    • Basic Options:
      • Label: Identifier for the data variable in the Flow Designer interface.
      • Name: Identifier for the data variable in script calls, limited to alphanumeric and underscore characters.
      • Type: Specifies the data type stored by the variable.
      • Mandatory: Indicates if a value is required when configuring an action.
    • Advanced Options:
      • Hint: Provides guidance for configuration.
      • Default Value: Predefined value when none is provided by the designer.
    • General Guidelines:
      • Assign values using existing Password (2 Way Encrypted) data pills only.
      • Manually entering Password (2 Way Encrypted) values is not permitted.
      • Valid field types for Password2 variables include email body fields, HTML fields, PowerShell input variables, and various REST and SOAP fields.
      • Flow Designer performs validation checks to prevent the use of incompatible types for Password2 data pills.

    Key Outcomes

    By following these design considerations, ServiceNow customers can effectively manage and secure password data within their workflows, ensuring that only authorized users with the appropriate encryption module can access and decrypt sensitive information. Adhering to these guidelines will help prevent errors and improve the reliability of automated processes in Flow Designer.

    Store encrypted password data that can be decrypted.

    Basic options

    Option Description
    Label Displays the label used to identify the data variable in the Flow Designer interface. The label can consist of any text.
    Name Displays the name used to identify the data variable in script calls. The name can only consist of alphanumeric and underscore characters. The system automatically converts the label into a valid name by removing or replacing any special characters.
    Type Indicates the type of data stored by the data variable.
    Mandatory Indicates whether the data variable must contain a value when configured in an action.

    Advanced options

    Option Description
    Hint Provides guidance to flow or action designers on how to configure the data.
    Default value Specifies the value used when a flow or action designer does not provide a value.

    General guidelines

    Follow these general guidelines when designing flows containing Password (2 Way Encrypted) data.
    Assign values using existing Password (2 Way Encrypted) data pills.
    You can only assign a value to a password2 variable by selecting an existing password2 data pill. Selecting values from other field types is not supported. Flow Designer presents a warning message when invalid data pill types are selected.

    The warning message displayed when dragging a non-password2 data pill onto a password2 field.

    Note:
    You cannot manually enter Password (2 Way Encrypted) values.
    Use Password (2 Way Encrypted) variables only for valid field types
    Flow Designer prevents selecting Password2 data pills as the value for invalid field types. The system presents a warning message when the field is an incompatible type.

    The warning shown when dragging a password2 field to a disallowed field.

    Flow Designer only allows Password2 data pills to be dragged into the following field types.
    • Email body fields
    • HTML fields
    • Password 2 Fields
    • PowerShell Input Variables
    • REST fields
      • Variables
      • REST payload body
      • Query parameters
      • Headers
      • REST multi-part form values
      • Form URL-encoded values
    • SOAP fields
      • Headers
      • Envelope
    Note:
    you cannot use Password (2 Way Encrypted) variables as conditions

    Flow Designer performs a validation check when a user saves, publishes, or tests actions and flows. This check shows that an alert for any data pills dropped in restricted field types and prevents the action or flow from executing. Update the action or flow to remove the invalid data pill and then retry the action.

    Set up encryption modules for decryption
    Only users with a valid encryption module access can decrypt and view the contents of password2 variables. To specify the encryption algorithm and which roles can access encrypted data, see Password2 encryption with KMF .