Utility for key vault and database authentication configuration
Change your database and key vault configuration settings by downloading and deploying this interactive utility to edit the JRE that is used by the Automation Anywhere Control Room to authenticate users.
This utility can be used to configure key vault integration post-installation or to reconfigure the key vault integration in response to some failure related key vault connection details, database authentication method, and/or database credential identifier within external key vault. Use during network downtime as to not interfere with existing RPA processes that may be underway.
To run this utility, you will need to access to the Automation Anywhere Control Room installation directory that was created during the installationAutomation 360. For example, C:\Program Files\Automation Anywhere\Enterprise and have downloaded the latest version of the utility.
Configuration directory options
You can update your authentication settings (external key vault or DB) within the accessible configuration directory.
-
If you are deploying an external key vault, the following options are used to map credentials between the Automation Anywhere Control Room and the chosen authentication server.
UPDATE_KEY_VAULT_CONFIGURATION
- AWS
Connect to AWS Secret Manager.
- CYBERARK
Connect to CyberArk authentication server.
- AZURE
Connect to the Azure authentication server.
- NONE
Disable external key vault.
- AWS
-
If you are using DB for authentication, you can configure these SQL authentication settings:
UPDATE_DB_AUTHENTICATION_CONFIGURATION
- WINDOWS
Change to Windows authentication.
- SQL
To change to SQL authentication where user provides username and password.
- KEY_VAULT
To change to SQL authentication using external key vault.
- WINDOWS
Metrics for UPDATE_KEY_VAULT_CONFIGURATION
The metrics used by the UPDATE_KEY_VAULT_CONFIGURATION action are as follows:
Source→ Destination | AWS | CYBERARK | AZURE | NONE |
---|---|---|---|---|
AWS | YES | NO | NO | YES |
CYBERARK | NO | YES | NO | YES |
AZURE | NO | NO | YES | YES |
NONE | YES | YES | YES | YES |
- To change KEY_VAULT from one type of vault to another or to NONE, you must first manually set database and service account credentials that are currently being retrieved from the external key vault.
-
To change AWS to CYBERARK or the other way around, you must first change the Source→ Destination setting to NONE.
- To change NONE from AWS/CYBERARK, database should not be connected on KEY_VAULT.
This utility will prompt the you to provide specific input information based on the options selected above.
For steps to update your key vault settings, see Update key vault configuration.
UPDATE_DB_AUTHENTICATION_CONFIGURATION
- WINDOWS
- To connect to the DB provided during installation, the utility uses the credentials of the user currently logged in:
- SQL
-
- Username
- Password
- KEY VAULT
- The utility asks the user to provide input based on the key vault and the connected control room.
- AWS
Secret name → Name of the secret created on AWS secret manager of type database credentials or Plain Text with username and password as keys.
- CYBERARK
Safe name → Name of the safe which has the credential.
Object name → Name of the credential.
- AZURE
Vault URL → The address for the Azure server.
Client ID → The Azure Client ID.
Client Secret → Key supplied by Azure to be paired with the Tenant ID and Client ID.
Tenant ID → The Azure Tenant ID.
- NONEThe utility sends the following exception and exit:
Key Vault configuration not found