π Business Use Case
Sometimes you need a way to securely capture a password or secret input in NetSuite β whether for:
- Connecting to a secure external system (e.g., SFTP, API)
- Encrypting/decrypting files
- Storing credential tokens securely using NetSuiteβs Key Management
With SuiteScript 2.0, you can now use the addSecretKeyField() method to create a secure password field that behaves differently from a regular text field:
- β Value is never visible in plain text
- β Cannot be read back via client script
- β
Can be safely used in
keyControlfor encryption operations
π‘ Goal
Create a Suitelet Form that:
- Prompts the user to enter a secure password
- Accepts a PEM file from the File Cabinet (as a private key)
- Encrypts or saves a keyControl key using that password and the PEM
π» Script: Add a Secret Key Field in a Suitelet
/**
* @NApiVersion 2.x
* @NScriptType Suitelet
*/
define(['N/ui/serverWidget', 'N/file', 'N/keyControl', 'N/runtime'],
function(serverWidget, file, keyControl, runtime) {
function onRequest(context) {
var request = context.request;
var response = context.response;
if (request.method === 'GET') {
var form = serverWidget.createForm({
title: 'Enter Secure Password'
});
var secretField = form.addSecretKeyField({
id: 'custfield_password',
label: 'Password',
restrictToScriptIds: [runtime.getCurrentScript().id],
restrictToCurrentUser: true // Ensures this field can only be accessed by current user
});
secretField.maxLength = 64;
form.addSubmitButton();
response.writePage(form);
} else {
// POST request β handle submitted password token
var passwordToken = request.parameters.custfield_password;
// Load PEM key file from File Cabinet (ID must be known)
var pem = file.load({ id: 422 }); // Replace with actual file ID
// Create key using KeyControl module
var key = keyControl.createKey();
key.file = pem;
key.name = 'MySecureKey';
key.password = passwordToken;
key.save(); // Save the encrypted key
}
}
return {
onRequest: onRequest
};
});
π Explanation of Key Concepts
| Concept | Description |
|---|---|
addSecretKeyField() | Adds a password-style input that is encrypted internally by NetSuite. Cannot be read as plain text. |
restrictToScriptIds | Limits which scripts can access this field value. Prevents misuse across scripts. |
keyControl.createKey() | Allows programmatic creation of secure keys that can encrypt/decrypt content or integrate with external platforms. |
file.load() | Used here to load a PEM file (private key) from the File Cabinet. |
π‘οΈ Why Use This Instead of a Text Field?
Using a regular FieldType.PASSWORD or TEXT is not secure. They can be exposed via logging or client scripts.
The Secret Key Field encrypts the input and makes it accessible only at runtime for authorized scripts β making it ideal for sensitive data.
π Example Use Cases
| Scenario | Secret Key Usage |
|---|---|
| π Encrypting files before upload | Password-protect a file using keyControl |
| π Connecting to SFTP using private key + passphrase | Use keyControl with SFTP connection logic |
| π Storing OAuth token secrets securely | Encrypt API tokens using secret-protected key |
| π§Ύ Encrypting custom field data | Hash user input with key + password combo |
π Important Notes
- The
addSecretKeyField()value is one-time usable β itβs not stored like other field inputs. - You’ll need to know your File Cabinet ID for your PEM/private key.
- Make sure to grant only authorized roles access to this Suitelet.
π§ͺ Want to Expand?
You can enhance this page to:
- Upload PEM file dynamically from the user
- Add key expiration or management UI
- Log successful encryption attempts to a custom record
- Integrate with external APIs or banks using encrypted tokens
Let me know if you’d like to build that next!
Leave a Reply