The Automation Anywhere Control Room installation generates the Master key and Data encryption key.

The Automation Anywhere Control Room installation generates the following two keys:

Master key

This RSA-2048 bit key is managed by an administrator outside of the system. This key unlocks the Credential Vault. The administrator types the Master key each time the Control Room is started. When the vault is open, the master key is immediately erased from memory and it is not stored anywhere in the Automation Anywhere Enterprise product.

Note: If your Credential Vault is configured in manual mode, you cannot recover or generate the master key from the Control Room in case you lose it.

Data encryption key

This AES-256 bit key is stored in the Control Room database and is used to encrypt and decrypt the credentials at the time of storage or provisioning. This key is encrypted using the Master key. The Data encryption key does not leave the Credential Vault at any time. Credential encryption and decryption are done at the Credential Vault.