The PasswordFieldDefinition renders two text boxes for entry and verification of passwords. 

The input text is masked in the field but the value is stored as clear text in the JCR.

If you want to store hashed password values, you can:

  • Use the password field to collect the value of the password entered by user and delegate the storage of the password and hashing to an underlying user manager. The user manager may be an internal Magnolia User Manager or an external user manager. See the Security app for an example of this approach.
  • Configure BCryptTransformer on the password field by specifying a transformerClass property in the field definition: 

    transformerClass = info.magnolia.ui.form.field.transformer.basic.BCryptTransformer

(warning) If you store a hashed value, you can no longer decode it to clear text. This is suitable when you want to authenticate against the password and only compare the stored hash against the hash of the password provided when logging in. If you need passwords in plain text so that they can be used to access other systems requiring authentication, we recommend you use the Magnolia Password Manager module.


fieldType: password

Password field properties

Simple password definition:

    - name: tabUser
      label: User
        - name: password
          fieldType: password
          label: Password 

Node name











See Referencing fields for further information.

You can use common field properties and the following properties in a password field definition:


<field name>


Name of field


optional, default is true

Encodes the password and visually masks the characters.


optional, default is true

Verifies that the contents of the two boxes match. When set to false the verification (second) box is not rendered.


optional, default is field.password.verificationMessage

Text displayed above the field. Displays as "Please verify your entry", retrieved from a message bundle.


optional, default is field.password.verificationErrorMessage

Text displayed when passwords don't match. Displays as "Passwords do not match", retrieved from a message bundle.


optional, default is info.magnolia.ui.form.field.transformer.basic.BasicTransformer

Property transformer class. Defines how the values are stored in the repository.

Add validators to define your own password policy such as minimum length and character types.

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))