Configure Automation 360 with ARCON Key Vault
- Updated: 2024/11/25
Configure Automation 360 with ARCON Key Vault
Review the information to configure ARCON key vault.
Procedure
- Install the .35 version of Automation 360 Control Room: For more information, see Installing Control Room On-Premises.
-
Stop the following Control Room services:
- Automation Anywhere Control Room Messaging service.
- Automation Anywhere Control Room service.
-
Run the key vault utility for the ARCON key vault: To run the key vault
utility and update key vault connection settings:
-
As the Control Room administrator, access the Automation Anywhere Control Room installation directory that was created
during the initial Automation 360 installation.
For example: C:\Program Files\Automation Anywhere\Automation360
-
Download the latest version of the crutils.jar key
vault utility and copy to C:\Program Files\Automation
Anywhere\Automation360. To download the
crutils.jar file used to update the directory,
open a browser and access the A-People site: A-People Downloads page (Login required).
Note: If DB authentication is configured to use external key vault, the utility returns the following exception:
Database currently configured to retrieve credentials from key vault. Update database authentication to WINDOWS/SQL to proceed further and exit. -
Enter the following command by specifying the full path of the
certificate to upload the certificate to trust store located at
C:\Program Files\Automation
Anywhere\Automation360\pki\trust\store.ks:
> jdk11\bin\java -jar certmgr.jar -appDir .
-importTrustCert <Full path of the
certificate>
The ARCON Privileged Access Management server certificate can be in cer, crt, pem format.
- You must execute this utility using the JRE which is being used by the Automation 360 deployment. On Windows Server, run the jdk11\bin\java -Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Automation360\pki\trust\store.ks" -Djavax.net.ssl.trustStorePassword=changeit --module-path lib -jar crutils.jar -action UPDATE_KEY_VAULT_CONFIGURATION -configPath "C:\Program Files\Automation Anywhere\Automation360\config command on the command prompt (as administrator).
-
As the Control Room administrator, access the Automation Anywhere Control Room installation directory that was created
during the initial Automation 360 installation.
-
Enter the authentication details:
- Token URL: URL to get ARCON token
- Device Credential URL: URL to fetch device credentials
- Grant Type: Password (only password grant type is supported)
- Authentication username: Name of the API user that can get an access token and has permissions to fetch device credentials
- Authentication password: Password of the API user (it is masked during input and encrypted before persisting to file).
Verify key vault configuration, a successful configuration message is displayed. - Manually verify the entries in keyvault.properties file located at C:\Program Files\Automation Anywhere\Automation360\config directory.
- Restart Control Room service Automation Anywhere Control Room Messaging service and Automation Anywhere Control Room service.