On-Premises integration using ARCON key vault

Procedure to integrate Automation 360 Control Room with ARCON key vault.

Prerequisites

Ensure that you have deployed the following:

Procedure

  1. As part of the key vault configuration for On-Premises deployment , we would be changing some of the values of the installation so to avoid the conflict we will be stopping the Control Room services:
    1. Automation Anywhere Control Room Messaging service.
    2. Automation Anywhere Control Room service.
  2. Run the key vault utility (crutils.jar) for the ARCON key vault configuration:
    1. As system administrator of the Control Room, access the Automation Anywhere Control Room installation directory that was created during the initial Automation 360 installation.
      For example: 'C:\Program Files\Automation Anywhere\Automation360'
    2. Download the latest version of the key vault utility (crutils.jar) from the following location:
      1. Open a browser and access the A-People site: A-People Downloads page (Login required).
      2. Click the link to the latest On-Premises build.
      3. Click the Installation Setup folder.
      4. Download the crutils.jar file.
    3. Enter the following command to run the key vault utility: jdk11\bin\java -Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Automation360\pki\trust\store.ks" -Djavax.net.ssl.trustStorePassword=changeit --module-path lib -jar crutils.jar -action UPDATE_KEY_VAULT_CONFIGURATION -configPath "C:\Program Files\Automation Anywhere\Automation360\config"
      • The UPDATE_KEY_VAULT_CONFIGURATION command helps you to edit the ARCON key vault configuration. Example: Enter ARCON to connect to ARCON key vault.
      • During the execution of the key vault utility, if there are any trust certificate issues when connecting to the ARCON server, get the server's certificate and import it to Automation 360 trust certificate store by using the command: C:\Program Files\Automation Anywhere\Automation360\pki\trust\store.ks: > jdk11\bin\java -jar certmgr.jar -appDir . -importTrustCert <Full path of the certificate>
      • The ARCON server certificate can be in the .cer, .crt, or .pem format.
      • The certmgr.jar is part of the installation directory for your use.
    4. On the command prompt , enter the following authentication details:
      • Token URL: This is the ARCON host URL to get the token. Example: https://<host>/arconToken
      • Device Credential URL: This is the URL to get device credentials. Example: https://<host>/api/ServicePassword/GetTargetDevicePassKey
      • Grant Type: Enter password. Only password grant type is supported.
      • Authentication username: Name of the ARCON API user, which is used to get an access token with permission to retrieve device credentials.
      • Authentication password: Password of the ARCON API user (This value is masked during input and encrypted before it is saved to the file).

    A configuration success message is displayed:

    Key vault configuration was successful
  3. For reconfirmation, you can manually verify the entries in keyvault.properties file located at C:\Program Files\Automation Anywhere\Automation360\config directory. The directory should contain the following entries:
    Example:
    keyvault.type=ARCON_VAULT
keyvault.arcon.vault.token.url=https://<host>/arconToken
keyvault.arcon.vault.target.device.cred.url=https://<host>/api/ServicePassword/GetTargetDevicePassKey
keyvault.arcon.vault.auth.grant.type=password
keyvault.arcon.vault.auth.username=<username>
keyvault.arcon.vault.auth.user.password=<encrypted password>
  4. Restart the following Control Room services:
    1. Automation Anywhere Control Room Messaging service.
    2. Automation Anywhere Control Room service.