Using external key vaults
Use the external key vault technology by integrating the Automation 360 platform with third-party key vaults such as AWS Secrets Manager, Azure Key Vault, and CyberArk.
Third-party key vault integration
Automation 360 uses credentials to support business services, such as database connections, Active Directory Integration, and Simple Mail Transport Protocol (SMTP) operations. These services can be configured to retrieve the necessary authentication from the integrated external key vault. Only encrypted credentials can be passed from the Control Room to the Database server and are stored in the external vault.
Additionally, auto-login credentials and credentials used by RPA (bots) can be configured for retrieval from the integrated key vault.
- Any necessary database and user credentials.
- Any necessary credential requirements for the external key vault, such as secret keys and application IDs. See the specific requirements for your external key vault on the Configuring external key vault integration page.
Retrieving Bootstrap/System Credentials
Bootstrap credentials are those credentials used by the Control Room to access supporting services such as database, service account, Active Directory, and SMTP. Database, service account, and Active Directory credentials that are used by the Control Room are configured for retrieval either during initial installation or post installation via the key vault utility. SMTP credentials are configured through the UI under . Configure bootstrap credential retrieval during installation or post-installation by specifying the Safe Name and Object Name for the credential. When needed during the boot-up sequence, or during normal operation (refreshing a service authentication) the Control Room will use the key vault connection to retrieve the credential and perform the required authentication (e.g. to SQL Database, or to Active Directory for authenticating users).
Retrieving Auto-login Credentials
Auto-login credentials are those credentials used to authenticate to the Bot agent Device for the purpose of starting an active Windows Session (required for RPA to work). Auto-login is performed when launching automations on a remote Bot agent Device. Either manually or as a scheduled job, a Control Room administrator can launch an automation on a Bot agent Device by specifying the name of the automation, the device, and a user context. For example, run the automation named ProcureToPayGeoEast on the device named WinVDI1138 as user firstname.lastname@example.org. Prior to starting the automation, the platform will check if there is currently an active Windows session on device WinVDI1138 and if that session belongs to roboticworker2112. If not, the system will instruct the Bot agent Device to perform a Windows Login on device WinVDI1138 as roboticworker2112 using the Auto-login credential for roboticworker2112. The automation (bot) ProcureToPayGeoEast then starts to run on WinVDI1138 as roboticworker2112.
Auto-login credential retrieval from the external key vault is configured by an administrator in the Control Room under . If an external key vault connection is configured, there will be an option to configure Retrieve Auto-login credentials from external key vault. If this option is not present, the external key vault connection is not configured. If CyberArk is the configured external key vault, there will be an option to specify a Safe Name from where to retrieve the Auto-login Credentials. If the option to specify the Safe Name is not present, this means that CyberArk is not the configured external key vault. The specified Safe Name is referred to as the Auto-login Credential Safe.
All Auto-login credentials will be retrieved from this Safe Name. All Auto-login credentials are assumed to be present within the Auto-login Credential Safe. If the system needs to perform Auto-login and there is no credential present in the Auto-login Credential Safe that matches the user for which the system is performing Auto-login, the Auto-login will fail. This means that for unattended automations, all robotic or digital worker user ids must have an Auto-login credential configured within the Auto-login Credential Safe.
Within the Auto-login Credential Safe, the Control Room will retrieve Auto-login credentials based on the Object naming convention within the safe. The Control Room will look for an object where the object name matches the Control Room user name for which it is performing Auto-login.
|Control Room user name||Object name|
- "\" to "-"
- "-" to "-2d-"
- "_" to "-5f-"
- "@" to "-2e-"
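A pre-flight check for the failure mode described above (Auto-login fails when the Auto-login Credential Safe holds no object matching the user), as an added example that is not Automation Anywhere code. It assumes the substitutions listed above are applied to the Control Room user name to form the object name and that matching is exact and case-sensitive; the function names and the sample user and object names are constructed for illustration.

```python
# Added example: find runner users with no matching Auto-login object.
# Substitutions exactly as listed on this page.
SUBSTITUTIONS = {"\\": "-", "-": "-2d-", "_": "-5f-", "@": "-2e-"}


def object_name_for(user_name: str) -> str:
    """Map a Control Room user name to the object name to look for.

    Every character is translated once, in a single pass. Chained
    str.replace() calls would re-encode the "-" produced for "\\"
    and yield a name that can never match.
    """
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in user_name)


def missing_autologin_objects(user_names, safe_object_names):
    """Return {user_name: expected_object_name} for users with no object."""
    present = set(safe_object_names)  # assumption: exact, case-sensitive match
    missing = {}
    for user in user_names:
        expected = object_name_for(user)
        if expected not in present:
            missing[user] = expected
    return missing


# Constructed sample data: unattended runner users and the object names
# exported from the Auto-login Credential Safe.
RUNNER_USERS = [
    "roboticworker2112",
    "rpadomain\\roboticworker_7",
    "geo-east-worker",
]
SAFE_OBJECTS = ["roboticworker2112", "rpadomain-roboticworker-5f-7"]

if __name__ == "__main__":
    gaps = missing_autologin_objects(RUNNER_USERS, SAFE_OBJECTS)
    for user, expected in gaps.items():
        print(f"no Auto-login object for {user!r}; expected {expected!r}")
```

Running the check before scheduling unattended automations surfaces missing objects ahead of a failed Auto-login at run time.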
Retrieving Automation Credentials
Automation Credentials are simply a variable type used by bot developers within automation actions to define and retrieve data from encrypted storage. Automation Credentials are typically used by the automation to authenticate to applications but can be used for any purpose. Automation credentials are retrieved by the automation (bot) during runtime.