Define a password property

Password properties allow you to add encrypted passwords to forms. Designers can specify minimum and maximum character counts (up to 255 characters), as well as whether to use field validation.

For example, assume that a third-party system needs to be updated for integration purposes but requires a user's credentials (including password) to call the third-party web service. In such cases, the required password value can be stored as a password property within a form.

When a password property is added to a message, its value replaces the property when the form is initiated. For example, if you add a password property named Emergency Conference Password to your messages, the value specified for the property will replace the property name wherever it appears when the form is sent.

Here's how this example property will appear to the message sender:

Security Considerations

Password properties are intended only to obscure passwords from casual inspection. This means that they will:

  • Be masked on forms when entering a value.
  • Remain encrypted while in transit to and from the integration agent.

However, through configuration or administrative permissions, it is possible to:

  • Send passwords out as plaintext.
  • View plaintext password values on the Events > Properties report.
  • Manually log the contents of a password field.
  • Retrieve the plaintext password value using the xMatters REST API.

To define a password property, specify the following details and then click Create Property or Save Changes:

Technical Context

xMatters users' passwords are stored in the xMatters database and protected using a one-way hash. By contrast, password property values must be stored using a symmetric cipher, which is reversible with the key, so that xMatters can submit plaintext passwords to third-party systems and include plaintext passwords in notifications. As a result, a determined attacker could potentially retrieve password values from password properties.
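The difference described above, shown as an added example that is not xMatters code: a one-way hash can only confirm a guess, while a symmetrically encrypted value comes back in plaintext for anything that holds the key. The HMAC-SHA256 keystream is a standard-library stand-in for a real cipher, and every function name and the sample value are assumptions.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    """One-way storage, as for a login password: no key turns this back."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_password(candidate: str, salt: bytes, stored: bytes) -> bool:
    """The only operation a hash supports: check a guess against it."""
    return hmac.compare_digest(hash_password(candidate, salt), stored)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode. A real
    # system would use an authenticated cipher such as AES-GCM.
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_property(key: bytes, value: str) -> bytes:
    """Reversible storage, as for a password property value."""
    nonce = os.urandom(16)
    data = value.encode()
    stream = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))

def decrypt_property(key: bytes, blob: bytes) -> str:
    """Anything holding the key gets the plaintext back."""
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream)).decode()

def compare_storage(secret: str) -> dict:
    salt, key = os.urandom(16), os.urandom(32)
    stored_hash = hash_password(secret, salt)
    stored_prop = encrypt_property(key, secret)
    return {
        "hash_confirms_guess": verify_password(secret, salt, stored_hash),
        "hash_rejects_wrong": not verify_password(secret + "x", salt, stored_hash),
        "property_recovered": decrypt_property(key, stored_prop),
        "ciphertext_hides_value": secret.encode() not in stored_prop,
    }

if __name__ == "__main__":
    # Constructed sample value, not a real credential.
    print(compare_storage("Conf-Bridge-4471"))
```

The practical consequence is that a password property is only as protected as the key and the permissions around it, so the credential stored there should be a dedicated, narrowly scoped account that can be rotated.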