Masked type variable usage for Service Catalog



The Masked type variable in Service Catalog is used for storing sensitive or confidential information. (Note that although these variables are encrypted, they are not related to Encryption Support.) This article describes how to use and decrypt them. In order for the variable to be encrypted, you must check "use encryption" in the "type specification" tab of the variable, otherwise, the variable will be in plain text within the HTML source, and stored in plain text.

For more information about Masked variables, see the product documentation topic Variable types

Masked type variable setup

If you are using a Masked type variable for a catalog item, you would also create another variable of type Single Line Text. The Masked variable (named "A") will be shown in catalog item and request item records. The Single Line Text variable (named "B") will be hidden at the catalog item record but shown in the request item record so that the user can enter the confidential information.

To decrypt Variable A and populate the values to Variable B running on Request Item table, you would create a Before Insert or Update business rule. Create a business rule with the following parameters:

Name: Name of the business rule

  • Table: sc_req_item
  • Active: True
  • When: Before
  • Insert: True
  • Update: True

On the Advanced tab:


  • Condition: current.cat_item == <sys_id of the catalog item>
  • Script:
    (function executeRule(current, previous /*null when async*/) { 

    // Add your code here
    current.variables.B = current.variables.A.getDecryptedValue(); //current.variables.<variable name>

    })(current, previous)



Article Information

Last Updated:2019-12-26 16:48:50