Secret Server and ServiceNow

Delinea Secret Server is a vault where a user can store different types of credentials. This plugin enables ServiceNow to fetch secrets (for example, passwords and keys) directly from Secret Server without storing them in the ServiceNow database. The REST API for Secret Server uses an OAuth2 token for authentication. The Java class that our Credential Resolver uses was written to handle two modes of authentication.

Secret Server Implementation Modes

Secret Server offers the following two implementation modes.

Just-In-Time mode

In this mode, the MID Server agent configuration file is modified to include the Secret Server API account’s credential in encrypted format. The MID Server agent handles authenticating to the REST API and requesting the needed OAuth2 token to retrieve secrets.

You must provide the credentials (for example, username and password) in encrypted format within the configuration file. If you use this method, ensure that access to the MID Server agent's folder is restricted.

Grant File Mode

In this mode, the MID Server agent configuration file is modified to include the path to an oauth2_grant.json file. This file contains the access token the agent uses to authenticate API calls. An external source is required to write the OAuth2 token to the file.

The external source must run on a regular schedule, based on the Web Services configuration of your Secret Server instance, so that the token in the file is renewed before it expires. The Windows Task Scheduler is the recommended mechanism.
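As an added example of the external source that Grant File mode requires (it is not Delinea's or ServiceNow's code), the following Python script requests a token with the OAuth2 password grant from Secret Server's /oauth2/token endpoint and writes it to the grant file, skipping the request when the stored token is still fresh. The base URL, account name, file path and the opener parameter are assumptions, and the grant file's field names are assumed to mirror the token response; match them to what the plugin expects.

```python
import json
import os
import tempfile
import time
import urllib.parse
import urllib.request

def request_token(base_url, username, password, opener=None):
    """POST the password grant to /oauth2/token; 'opener' is injectable so the logic runs offline."""
    body = urllib.parse.urlencode({"username": username, "password": password, "grant_type": "password"}).encode()
    req = urllib.request.Request(base_url.rstrip("/") + "/oauth2/token", data=body,
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with (opener or urllib.request.urlopen)(req) as resp:
        return json.loads(resp.read().decode())

def build_grant(token_response, now=None):
    """Validate the reply and add an absolute expiry. Assumed file schema: match it to the plugin's."""
    for key in ("access_token", "token_type", "expires_in"):
        if key not in token_response:
            raise ValueError(f"token response missing {key!r}")
    now, ttl = int(time.time() if now is None else now), int(token_response["expires_in"])
    return {"access_token": token_response["access_token"], "token_type": token_response["token_type"],
            "expires_in": ttl, "expires_at": now + ttl}

def grant_is_fresh(path, margin=300, now=None):
    """True if the stored grant has more than 'margin' seconds left, so a run can skip the request."""
    try:
        with open(path, encoding="utf-8") as fh:
            grant = json.load(fh)
    except (OSError, ValueError):
        return False
    now = time.time() if now is None else now
    return grant.get("expires_at", 0) - now > margin

def write_grant(path, grant):
    """Write atomically with owner-only permissions; on Windows also restrict the agent folder's ACL."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(grant, fh)
    os.chmod(tmp, 0o600)
    os.replace(tmp, path)
    return path

def refresh_grant(base_url, username, password, path, opener=None):
    """Scheduled entry point (hypothetical helper): renew the file only when it is missing or near expiry."""
    if grant_is_fresh(path):
        return False
    write_grant(path, build_grant(request_token(base_url, username, password, opener)))
    return True
```

Schedule refresh_grant() through Windows Task Scheduler at an interval shorter than the token lifetime, running as the MID Server service account so that the restricted agent folder stays readable only by that account.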