Define a password property
Password properties allow you to add encrypted passwords to forms. Designers can specify minimum and maximum character counts (up to 255 characters), as well as whether to use field validation.
For example, assume that a third-party system needs to be updated for integration purposes but requires a user's credentials (including password) to call the third-party web service. In such cases, the required password value can be stored as a password property within a form.
When a password property is added to a message, its value will replace the property when the form is initiated. For example, if you add a password property to your messages named Emergency Conference Password, the value specified for the property will replace the property name wherever it appears when the form is sent.
Here's how the latter example property will appear to the message sender:
Password properties are intended only to obscure passwords from casual inspection. This means that they will:
- Be masked on forms when entering a value.
- Remain encrypted while in transit to and from the integration agent.
However, through configuration or administrative permissions, it is possible to:
- Send passwords out as plaintext.
- View plaintext password values on the Events > Properties report.
- Manually log the contents of a password field.
- Retrieve the plaintext password value using the xMatters REST API.
To define a password property, specify the following details and then click Create Property or Save Changes:
Name of the property displayed in email, text, and push messages.
|Minimum Size||Specifies a minimum number of characters that must be typed.|
|Maximum Size||Specifies the maximum number of characters that can be typed, up to 225.|
Optional descriptive text that appears beside this property in the list on the Properties tab. You can use this to explain anything about the property that other workflow designers might find useful - it isn't shown to message senders or recipients.
Text that appears on the form below the setting that's intended to help the message sender understand the intention of the property setting. Although this value is not mandatory, it should be used when the setting is potentially complex, or requires specific explanation to clarify its meaning in the context of the form.
Determines whether to apply validation to the text field, based on regular expressions. If selected, the following settings become available:
xMatters users' passwords are stored in the xMatters database and encrypted using a one-way hash. By contrast, password property values must be stored using a symmetric cipher so xMatters can submit plaintext passwords to third-party systems and include plaintext passwords in notifications. As a result, a determined attacker could potentially retrieve password values from password properties.