Mapping Automation Credentials in External Key Vaults
Specific authentication credentials and external vaults have restrictions regarding the usages of certain characters in usernames, phrases, and other text.
Automation Credentials
Automation Credentials are those credentials retrieved by the automation process during runtime and used by the automation Bot to authenticate with applications. Automation Credentials retrieved from external key vaults are mapped within the AA Credential Vault using the External Key Vault button when configuring Lockers and Credentials. The AA Locker is mapped to either a SafeName (CyberArk) or a secret prefix (AWS and Azure). A Credential is mapped to an ObjectName (CyberArk) or a secret body name (AWS and Azure).
To support AA User Defined Credentials functionality you may also create credentials with a Control Room UserName postfix as these credentials are retrieved based on the user context of the running bot, otherwise the System Credential is retrieved.
Due to different external key vaults prohibiting different "special" characters in secret names, you will need to encode some characters in the credential (secret) name in the external key vault based on the following tables:
| Automation Credential | AWS Prefix | AWS Secret Body | Secret in AWS | CR Username |
|---|---|---|---|---|
| prefix_pdf System credential in locker mapped to AWS prefix. |
prefix | prefix_pdf (system) | none - system credential | |
| prefix_pdf_ACME\akshay User defined credential in locker mapped to AWS prefix. |
prefix | prefix_pdf_ACME--akshay | ACME\akshay | |
| prefix_pdf_ACME\askshay User defined Credential in Locker with hex mapping for dash in username. |
prefix | prefix_pdf_ACME--akshay-2d-user | ACME\akshay-user |
- The AWS Prefix maps to the locker for the Control Room.
- The AWS Secret Body maps to credential for the Control Room.
When deploying Azure credentials, the Azure Key Vault character "_" (the underscore) is a reserved character an cannot be used in credential names. Any "_" must be substituted with the ASCII code hex value "5f" bracketed by dashes.
| Automation Credential | Azure Prefix | Azure Secret Body | Secret in Azure | CR Username |
|---|---|---|---|---|
| prefix_pdf System credential in locker mapped to Azure prefix. |
cv1 | pdf-5f-cv1 (system) | none - system credential | |
| prefix_pdf_ACME\akshay The user defined credential in locker mapped to AWS prefix. |
cv1 | pdf-5f-cv1-5f_ACME--akshay | ACME\akshay |
- The Azure Prefix maps to the locker for the Control Room.
- The Azure Secret Body maps to credential for the Control Room.
| Automation Credential | SafeName | Object Prefix | Object in Locker | CR Username |
|---|---|---|---|---|
| System credential in locker mapped to SafeName. | finance | glaccess | glaccess | none - system credential |
| User defined credential in locker mapped to SafeName. | finance | glaccess | glaccess_ACME--RPA--bhavani | ACME\RPA\bhavani |
| User defined Credential in Locker with hex mapping for dash in username | fiance | glaccess | glaccess_ACME--RPA-2e-bhavani | ACME\RPA.bhavani |
- The SafeName maps to the locker for the Control Room.
- The Object Prefix maps to credential for the Control Room.