Access Azure Key Vault from ServiceNow

I have written last blog about accessing Azure KeyVault from Microsoft PowerAutomate

Access Azure Key Vault from PowerAutomate | Tech Wizard

This blog is all about accessing it from ServiceNow.

Accessing Azure Key Vault from ServiceNow can be a useful feature for managing sensitive information such as passwords, certificates, and API keys.

By using Azure Key Vault, you can centralize and manage secrets in a secure manner, while also leveraging ServiceNow’s capabilities for enterprise-level workflows and processes.

First register the AZUREAD APP with permission as user_impersonation from Azure Key Vault API.

To create an Azure AD application, follow these steps:

  1. Log in to the Azure portal.
  2. Navigate to the Azure Active Directory.
  3. Click on App registrations and then click on New registration.
  4. Enter a name for the application, and choose the appropriate account type.
  5. Click on Register to create the application.
  6. Note down the Application ID and Tenant ID. These values will be required later in the process.

    Below Permissions are required:

We will utilize the Client Secret here.

Note: Provide this app get secret rights to the Key vault from which you want to read the secrets

Now in ServiceNow Flow designer you need to create two actions:

  1. To get the access token
  2. To get the secret from the Vault

Create a new REST action, create an API key type credentials

Under base URL enter below link as per your tenantid you can get that from azuread registered app by hitting endpoints:

In Service Now enter the v2.0 token link

Under Headers use:

Content-Type application/x-www-form-urlencoded

Under Request Content:





Next add Parse the Json action and select the Response body from above step and generate the target

Under Outputs, create a variable name accesstoken and drag the access_token to it.

Save, test and publish the flow.

This action will generate the access token that you will utilize in your next action to get the Secret from KeyVault.

Create a new action and define input as accesstoken

Add a REST STEP, under connection details add base url as your vault url, connection alias use anything from drop down as anyways we will be suing access token here

Under Request Details:

Resource path is your actual secret relative path, you need to end it by ?api-version=7.3 els eit will not work

ADD a Json Parser step

Under outputs define a output variable and get value which is your secret.

Go ahead, first generate the access token and then test this action to get the secret, if everything has been followed correctly, it will work 😊



Thanks for reading…

Tech Wizard

PowerShell Fast Track


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s