Define a password property

Password properties allow you to add encrypted passwords to communication plan forms. Designers can specify minimum and maximum character counts (up to 255 characters), as well as whether to use field validation.

For example, assume that a third-party system needs to be updated for integration purposes but requires a user's credentials (including password) to call the third-party web service. In such cases, the required password value can be stored as a password property within a form.

When a password property is added to a message, its value will replace the property when the form is initiated. For example, if you add a password property to your messages named Emergency Conference Password, the value specified for the property will replace the property name wherever it appears when the form is sent.

Here's how the latter example property will appear to the message sender:

Security Considerations

Password properties are intended only to obscure passwords from casual inspection. This means that they will:

Be masked on forms when entering a value.
Remain encrypted while in transit to and from the integration agent.

However, through configuration or administrative permissions, it is possible to:

Send passwords out as plaintext.
View plaintext password values on the Events > Properties report.
Manually log the contents of a password field.
Retrieve the plaintext password value using the xMatters REST API.

To define a password property, specify the following details and then click Create Property or Save Changes:

Password property details

Property details
Setting	Description
Name	Name of the property displayed in email, text, and push messages.
Minimum Size	Specifies a minimum number of characters that must be typed.
Maximum Size	Specifies the maximum number of characters that can be typed, up to 225.
Description	Optional descriptive text that appears beside this property in the list on the Properties tab. You can use this to explain anything about the property that other communication plan designers might find useful - it isn't shown to message senders or recipients.
Help Text	Text that appears on the form below the setting that's intended to help the message sender understand the intention of the property setting. Although this value is not mandatory, it should be used when the setting is potentially complex, or requires specific explanation to clarify its meaning in the context of the form.
Validate	Determines whether to apply validation to the text field, based on regular expressions. If selected, the following settings become available: Pattern Library: Allows you select predefined regular expression patterns or to select Custom and define your own regular expression pattern. Pattern: text field you can use to define or edit a regular expression pattern. Note that you can select a predefined pattern from the Pattern Library drop-down list and then modify it to suit your needs (it will automatically be saved as a Custom pattern).

Technical Context

xMatters users' passwords are stored in the xMatters database and encrypted using a one-way hash. By contrast, password property values must be stored using a symmetric cipher so xMatters can submit plaintext passwords to third-party systems and include plaintext passwords in notifications. As a result, a determined attacker could potentially retrieve password values from password properties.