Credentials and lockers in the Credential Vault

The Credential Vault securely stores sensitive information such as passwords, account numbers, and social security numbers in credentials and lockers for use in automation tasks. It facilitates role-based access for users of a Control Room and ensures that sensitive values are not stored in bots or on devices.

The Credential Vault consists of two main features: credentials and lockers.

Best Practices:
  • Each credential should contain a single password used for authentication to a specific system.
  • The credential may have additional attributes such as user name or hostname depending upon what is required in the authentication process that the credential is used for.
  • Credentials for applications that process data which requires the highest confidentiality have the least number of consumers where credentials for applications that require lower confidentiality can have a higher number of consumers. Segregate credentials based on applications and data confidentiality.
  • Lockers are created to hold credentials that are related to a specific business purpose or class of application based on confidentiality.
Credentials
A credential holds the sensitive information in attributes. An attribute can have a value that is standard for all users or it can accept a user-input value. For example, an Email credential can hold three attributes: host name (standard value), username (user input), and password (user input).
By default, all users can create, manage, and use their own credentials. A user is granted access to another user's credentials by receiving access to a locker that holds the credential. If the credential requires a user-input value, it appears in the CREDENTIAL REQUESTS tab.
A credential must be assigned to a locker to be used for building and running a bot.
Lockers
A locker specifies which users can view, modify, or access the credentials. For example, a human resources (HR) locker can hold Email, Database, and Training website credentials and allow only specific employees of the HR department to use the credentials in their bots.
A user with either the AAE_Locker Admin role or a user-created role with the Manage my credentials and lockers permission configures lockers, adds credentials, and grants access to other users.

Benefits of using the Credential Vault

Apart from providing a secure and centralized location for storing credentials, using the Credential Vault also:
  • Minimizes credential fraud.
  • Provides an environment to enable improved security.
  • Enables businesses to adhere to the processes and credential management compliance standards.
  • Offers increased automation opportunities with secure data applications.