Credential Vault encryption
The Automation Anywhere Control Room installation generates the Master key and Data encryption key.
The Automation Anywhere Control Room installation generates the following two keys:
- Master key
- This RSA-2048 bit key is managed by an administrator outside of the system. This
key unlocks the Credential Vault. The administrator types the
Master key each time the Control Room is started. When the vault is open, the master key is immediately
erased from memory and it is not stored anywhere in the Automation Anywhere Enterprise
product.Note: If your Credential Vault is configured in manual mode, you cannot recover or generate the master key from the Control Room in case you lose it.
- Data encryption key
- This AES-256 bit key is stored in the Control Room database and is used to encrypt and decrypt the credentials at the time of storage or provisioning. This key is encrypted using the Master key. The Data encryption key does not leave the Credential Vault at any time. Credential encryption and decryption are done at the Credential Vault.