Enable AI agents to securely access SSH parameters in Agentic Desktop

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 2 Minuten Lesedauer

    • Enable AI agents to securely access credentials, such as usernames and passwords, through Desktop Action Parameter records. This approach protects sensitive values during desktop action execution without exposing them in agent instructions.

    Hinweis:
    Currently, Parameter and Parameter Value records are only supported for SSH connector, non-UI block desktop actions.

    Only the users with the sn_aia.admin role can create Parameter records for various parameters that the AI agent securely accesses during desktop action execution. To store both a username and a password, the AIA admin must create two separate Parameter records, one for the username "un_username_group" and one for the password "un_password_group".

    Then, users with the sn_aia.admin or now_assist_panel_user role can create Parameter Value records under the Parameter record to store the values. For example, under the "un_username_group" Parameter record, users can create a Parameter Value record to store usernames and under the "un_password_group" Parameter record, users can create a Parameter Value record to store passwords. Only one Parameter Value record can be created per user for each Parameter record. If multiple users need to trigger the same AI agent, each user must create a Parameter Value record for their own credentials.

    You can create Parameter records only for username and password. For any other SSH parameters, provide the values either in the agent instructions or in your instructions in the Now Assist panel.

    AI Agent instructions during execution

    The following example shows how an AI agent instruction can reference stored parameter names:

    Connect to SSH server and retrieve my session info. Here are my details:
    • IP address: 172.27.50.123
    • Port: 22
    • Retrieve the user name stored in "un_username_group" and the password stored in "un_password_group" parameter records.
    Hinweis:
    When triggering an AI agent, explicitly specify in your instructions whether the credentials are provided directly or stored in Parameter records. If Parameter records are used, clarify that the record names are for reference only and that the agent must retrieve the username and password from those records.

    Ensure that you use the exact names of the Parameter records. Parameter record names are case sensitive. For example, "UserName" and "username" are treated as different values.

    Create Parameter records for SSH credentials

    Create a Parameter record with a name that you can reference in your instructions so the AI agent can securely sign in to the SSH server and execute commands.

    Vorbereitungen

    Perform this task in the ServiceNow instance.

    Ensure that you have an active SSH server.

    Role required: sn_aia.admin

    Prozedur

    1. Navigate to All > Agentic Desktop > Desktop Action Parameters.
    2. Select New to create a Parameter record.
    3. Enter the name and description.
      For example, un_username_group or un_password_group
    4. Select Submit.

    Store username and password values in the Parameter Value records

    Create Parameter Value records for storing the actual username and password values so that AI agents can securely connect to the SSH server.

    Vorbereitungen

    Perform this task in the ServiceNow instance.

    Role required: sn_aia.admin or now_assist_panel_user

    Prozedur

    1. Navigate to All > Agentic Desktop > Desktop Action Parameters.
    2. Select a Parameter record from the list.
    3. Create a parameter value record.
      1. In the Desktop action parameter values related list, select New.
      2. Fill in the following fields.
        Field Description
        Name Unique name for this Parameter Value record that stores user name or password.
        User Read-only. Name of the user who creates this record.
        Hinweis:
        Only user with the sn_aia.admin role can edit this field and assign this record to any other user.
        Is sensitive Option to encrypt the value
        Value Value such as user name or password for connecting to the SSH server.
      3. Select Submit.