External key vaults for Automation 360

External key vaults provide a secure, encrypted storage space for sensitive data used by RPA. Customers' sensitive data can be accessed and used by their RPA platform by storing the data in a corporate-approved key vault, such as CyberArk Password Vault, AWS Secrets Manager, or Azure Key Vault.

Automation Anywhere provides a secure key vault called Credential Vault. Requirements for external key vault usage are generally related to certain compliance standards and corporate security policies implemented by your IT and IT security groups. As part of their data security policies, these groups select and maintain corporate key vault services, and define the standards for the protection of sensitive data. The Automation 360 Control Room leverages external key vaults to store credentials for security and compliance.

Note: External key vault integration is not supported on Oracle Database.

Users and roles

The following users typically configure and work with external key vaults:

RPA Administrators: RPA Administrators who have AAE_Admin and AAE_Locker_Admin roles with permissions to administer Automation 360 Control Room and Credential Vault instances. The RPA Admin works with the customer External Key Vault Admin.
Customer External Key Vault Administrators: Customer External Key Vault Administrators who are responsible for the administration and management of the external key vault tasks (for example, setting up, managing, and creating access policies).

Benefits

The Automation Anywhere Credential Vault is secure and provides deep integration with the RPA platform. However, because corporate IT must provide secure data services as part of their IT security policies, the RPA platform might be required to use external key vault technology to comply with corporate standards.

External key vaults enable the RPA platform to fully comply with corporate requirements and can provide these additional benefits:

Deep integration with the Identity Provider (IdP) and corporate authentication platforms such as single sign-on (SSO) and Directory Services (such as Microsoft Active Directory).
Support of password rotation and synchronization with the systems used with the RPA platform.
Administration of the key vault and security best practices are performed by the IT group who manages the external key vault instead of the RPA administrators. As a result, the RPA platform becomes a consumer of the credential service.

Guidelines

External key vault integration guidelines support the operation of the RPA platform relating to the coordination, configuration, and consumption of credentials and sensitive data from the external key vault technology.

Coordination: Establish designated contacts for the key vault and RPA platform technologies and identify the individuals responsible for communicating operational guidelines, security policy, and compliance requirements for credential management.
Configuration: Designated contacts collaborate on the use case implementation and configuration requirements of the RPA platform and the external key vault.
Consumption: Based on which use cases are implemented, designated contacts monitor the integration of the RPA platform and the external key vault and coordinate credential rotation and naming requirements.