Read and Review Automation Anywhere Documentation

Automation 360

Close Contents

Contents

Open Contents

Configure external key vault integration

  • Updated: 2022/04/21
    • Automation 360 v.x
    • Install
    • RPA Workspace

Configure external key vault integration

You can integrate the Control Room with third-party key vault technology, including AWS Secrets Manager, Azure Key Vault, and CyberArk.

Prerequisites

  • AWS Secrets Manager
    Region
    Each AWS Region is designed to be isolated from the other AWS Regions.
    AWS Key
    Provide the AWS access key. For On-Premises installations, this key must also be an environment variable configured on the Control Room Server.
    AWS Secret Key
    Secret access key. AWS does not allow retrieval of a secret access key after its initial creation. For On-Premises installations, this key must also be an environment variable configured on the Control Room Server.
    AWS Session Token
    On-Premises installations require the session token to be an environment variable configured on the Control Room Server.
    Credential Identifiers to be used during installation
    • Database credentials
    • Service Account credentials
  • CyberArk
    Central Credential Provider API URL
    The CyberArk CCP URL endpoint on the CyberArk server.
    CyberArk Application ID
    The CyberArk issued Application ID.
    Certificate used to authenticate to CyberArk
    Control Room Client Certificate trusted by CyberArk AAM server. The certificate issued for this purpose will generally be requested from the administrative team within the organization that manages the internal Certificate Authority (CA) for the RPA environment. This certificate will be distributed in a passphrase protected file, and you will need to enter the passphrase to authenticate.
    Optional Certificate
    You can optionally load the CyberArk AIM Server certificate to the Control Room trust store here to make sure that the Control Room will trust the CyberArk server.
    Credential Identifiers to be used during installation
    • Safe and Object Name
    • Database credentials
    • Service Account Credential
  • Azure
    Vault URL
    The address for the Azure server.
    Client ID
    The Azure Client ID.
    Client Secret
    Key supplied by Azure to be paired with the Directory (Tenant) ID and User ID.
    Tenant ID
    The Azure Tenant ID.

The following illustration shows the default options:

Image with no external keyvault selected

The following information is required for configuring CyberArk integration:

Credentials used by the platform for services including database connections, Active Directory integration, and Simple Mail Transport Protocol (SMTP) can be configured for retrieval from the integrated external key vault.

Procedure

  1. From the Automation 360 installation wizard, select external key vault and enter the authentication information as required:
    External key vault Authentication settings
    AWS Secrets Manager Enter the Region, AWS Key, and Secret Key for the AWS Secrets Manager.
    CyberArk Enter the CyberArk endpoint URL, application ID, and certificate trusted by the CyberArk CCP endpoint.
    Azure Enter the Vault URL.
  2. Click Next.

Next steps

Configure application Transport Layer Security
Send Feedback