Home
Get Community Edition - FREE
LOG IN
Read and Review Automation Anywhere Documentation

Automation 360

Close Contents

Contents

Open Contents

Utility for key vault and database authentication configuration

  • Updated: 10/04/2021
    • Automation 360 v.x
    • Explore
    • RPA Workspace

Utility for key vault and database authentication configuration

This interactive utility helps the user to change the key vault and database authentication configurations.

User will execute this utility using the JRE that is being used by the control room, in the installation directory C:\Program Files\Automation Anywhere\Enterprise.

To download the jar file that will be used, open a browser and proceed to A-People Downloads page (Login required).

Argument variables

  • -configPath

    Full path of the configuration directory

  • -action
    Select from the following:
    • UPDATE_KEY_VAULT_CONFIGURATION

      This allows for the mapping to an external key based on the following options:

      • AWS

        Connect to AWS Secret Manager.

      • CYBERARK

        Connect to CyberArk.

      • NONE

        Disable external key vault.

    • UPDATE_DB_AUTHENTICATION_CONFIGURATION

      Configure SQL authentication settings.

      • WINDOWS

        Change to Windows authentication.

      • SQL

        To change to SQL authentication where user provides username and password.

      • KEY_VAULT

        To change to SQL authentication using external key vault.

Note: The client certificate issued to the Control Room for authenticating to CyberArk needs to be in .p12 (pkcs#12) format with the private key.
Note: The imported CyberArk server certificate needs to be imported to Java trust store before invoking dbutility commands. The certificate can be in .cer (PEM) format and does NOT contain a private key.

Command

Execute this command within the directory C:\Program Files\Automation Anywhere\Enterprise:
> jdk11\bin\java --module-path .\lib\ -jar crutils.jar -configPath <Full path of the config directory> -action <UPDATE_KEY_VAULT_CONFIGURATION/UPDATE_DB_AUTHENTICATION_CONFIGURATION>

Metrics for UPDATE_KEY_VAULT_CONFIGURATION

The metrics used by the UPDATE_KEY_VAULT_CONFIGURATION action are as follows:

Table 1. Key vault configuration metrics
Source→ Destination AWS CYBERARK NONE
AWS YES NO YES
CYBERARK NO YES YES
NONE YES YES YES
Note:
  • To change KEY_VAULT from one type of vault to another or to NONE, you must first manually set database and service account credentials that are currently being retrieved from the external key vault.

  • To change AWS to CYBERARK or the other way around, you must first change it to NONE.

  • To change NONE from AWS/CYBERARK, database should not be connected on KEY_VAULT.

This utility will prompt the user to provide specific input information based on the options selected.

UPDATE_KEY_VAULT_CONFIGURATION

AWS
Region →
Region to get secrets from on AWS secret manager.
CYBERARK
  • Vault URL →

    URL of the CyberArk password vault

  • Application ID →

    The application identifier

  • Certificate Path →

    Full path of the client certificate file

  • Passphrase →

    Passphrase for the client certificate

Note: Sometimes, you will have to import a server certificate. Perform the following steps in the C:\Program Files\Automation Anywhere\Enterprise directory:
  1. Enter the following:
    > jdk11\bin\java -jar certmgr.jar -appDir . -importTrustCert <Full path of the certificate>
  2. Add the following jvm arguments to the command for executing this utility.
    1. -Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Enterprise\pki\trust\store.ks"
    2. -Djavax.net.ssl.trustStorePassword=changeit
> jdk11\bin\java -Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Enterprise\pki\trust\store.ks" -Djavax.net.ssl.trustStorePassword=changeit --module-path lib -jar crutils.jar -configPath <Full path of the config directory> -action <UPDATE_KEY_VAULT_CONFIGURATION/UPDATE_DB_AUTHENTICATION_CONFIGURATION>
NONE
  • If DB authentication is configured to use external key vault, the utility throws the following exception: 
    Database currently configured to retrieve credentials from key vault. Update database authentication to WINDOWS/SQL to proceed further
    and exit.
  • The utility might ask a confirmation to user: 
    Disable/update of key vault may impact functionalities using key vault (e.g. Active Directory configuration, Email Settings configuration). Make sure to update these settings (if any). Are you sure you want to continue?

UPDATE_DB_AUTHENTICATION_CONFIGURATION

WINDOWS
To connect to the DB provided during installation, the utility uses the credentials of the user currently logged in:
SQL
  • Username
  • Password
KEY VAULT
The utility asks the user to provide input based on the key vault and the connected control room.
  1. AWS

    Secret name → Name of the secret created on AWS secret manager of type database credentials or Plain Text with username and password as keys.

  2. CYBERARK

    Safe name → Name of the safe which has the credential.

    Object name → Name of the credential.

  3. NONE
    The utility sends the following exception and exit: 
    Key Vault configuration not found
Send Feedback

  • On This Page