Read and Review Automation Anywhere Documentation

Automation 360

Close Contents

Contents

Open Contents

Utility for key vault and database authentication configuration

  • Updated: 8/09/2021
    • Automation 360 v.x
    • Explore
    • RPA Workspace

Utility for key vault and database authentication configuration

This interactive utility helps the user to change the key vault and database authentication configurations.

User will execute this utility using the JRE that is being used by the control room, in the installation directory C:\Program Files\Automation Anywhere\Enterprise.

To download the jar file that will be used, please open a browser and proceed to A-People Downloads page (Login required).

Argument variables

  • -configPath

    Full path of the configuration directory.

  • -action
    Select from the following:
    • UPDATE_KEY_VAULT_CONFIGURATION

      This allows for the mapping to an external key, based on these three options:

      • AWS

        Connect to AWS Secret Manager.

      • CYBERARK

        Connect to CyberArk.

      • NONE

        Disable external key vault.

    • UPDATE_DB_AUTHENTICATION_CONFIGURATION

      Configure SQL authentication settings.

      • WINDOWS

        Change to Windows authentication.

      • SQL

        To change to SQL authentication where user provides username and password.

      • KEY_VAULT

        To change to SQL authentication using external key vault.

Note: The client certificate issued to the Control Room for authenticating to CyberArk needs to be in .p12 (pkcs#12) format with the private key.
Note: The imported CyberArk server certificate needs to be imported to Java trust store before invoking dbutility commands. The certificate can be in .cer (PEM) format and does NOT contain a private key.

Command

Execute this command within the directory C:\Program Files\Automation Anywhere\Enterprise:
> jdk11\bin\java --module-path .\lib\ -jar crutils.jar -configPath <Full path of the config directory> -action <UPDATE_KEY_VAULT_CONFIGURATION/UPDATE_DB_AUTHENTICATION_CONFIGURATION>

Metrics for UPDATE_KEY_VAULT_CONFIGURATION

These are the metrics used by the UPDATE_KEY_VAULT_CONFIGURATION action.

Table 1. Key vault configuration metrics
Source→ Destination AWS CYBERARK NONE
AWS YES NO YES
CYBERARK NO YES YES
NONE YES YES YES
Note:
  • To change KEY_VAULT from one type of vault to another or to NONE, you must first manually set database and service account credentials that are currently being retrieved from the external key vault.
  • To change AWS to/from CYBERARK, user has to first change it to NONE.

  • To change NONE from AWS/CYBERARK, database should not be connected on KEY_VAULT.

This utility will prompt the user to provide specific input information based on the options selected.

UPDATE_KEY_VAULT_CONFIGURATION

AWS
Region →
Region to get secrets from on AWS secret manager.
CYBERARK
  • Vault URL →

    URL of the CyberArk password vault.

  • Application ID →

    The application identifier.

  • Certificate Path →

    Full path of the client certificate file.

  • Passphrase →

    Passphrase for the client certificate.

Note: Sometimes you will have to import a server certificate. Please follow these steps:
In the directory: C:\Program Files\Automation Anywhere\Enterprise, execute the following:
  1. Enter
    > jdk11\bin\java -jar certmgr.jar -appDir . -importTrustCert <Full path of the certificate>
  2. Add these jvm arguments to the command for executing this utility.
    1. -Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Enterprise\pki\trust\store.ks"
    2. -Djavax.net.ssl.trustStorePassword=changeit
> jdk11\bin\java -Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Enterprise\pki\trust\store.ks" -Djavax.net.ssl.trustStorePassword=changeit --module-path lib -jar crutils.jar -configPath <Full path of the config directory> -action <UPDATE_KEY_VAULT_CONFIGURATION/UPDATE_DB_AUTHENTICATION_CONFIGURATION>
NONE
  • If DB authentication is configured to use external key vault, the utility will throw exception as:
    Database currently configured to retrieve credentials from key vault. Update database authentication to WINDOWS/SQL to proceed further
    and exit.
  • The utility might ask a confirmation to user:
    Disable/update of key vault may impact functionalities using key vault (e.g. Active Directory configuration, Email Settings configuration). Make sure to update these settings (if any). Are you sure you want to continue?

UPDATE_DB_AUTHENTICATION_CONFIGURATION

WINDOWS
The utility will use the current logged-in user credential to connect to the DB provided during installation.
SQL
  • Username
  • Password
KEY VAULT
The utility will ask the user to provide input based on the key vault, and the connected control room.
  1. AWS

    Secret name → Name of the secret created on AWS secret manager of type database credentials or Plain Text with username and password as keys.

  2. CYBERARK

    Safe name → Name of the safe which has the credential.

    Object name → Name of the credential.

  3. NONE
    The utility will send exception as
    Key Vault configuration not found
    and exit.
Send Feedback