- Getting started
- Data security and compliance
- Organizations
- Authentication and security
- Licensing
- Tenants and services
- Accounts and roles
- AI Trust Layer
- External applications
- Notifications
- Logging
- Troubleshooting
- Migrating to Automation Cloud™
Encryption
UiPath® enforces encryption in transit and at rest. All communications inbound to the UiPath Platform services and products require at least TLS 1.2. Additionally, all data at rest is encrypted using Transparent Data Encryption (TDE), which leverages AES 256-bit encryption.
Beyond TDE, we also employ Application Layer Encryption (ALE) for certain services. Some services automatically incorporate ALE - we refer to this as "Implicit ALE". For other services, the use of ALE is optional and can be chosen by you - we refer to this as "Optional (Opt in) ALE", some services do not currently support ALE.
For services with ALE, either implicit or opted in for, you have the ability to choose who handles the encryption key. It could be managed by either UiPath or yourself.
-
UiPath-managed key:
This option allows UiPath to create, store, and protect the keys used for encrypting your data.
This is the default option, and it is automatically enabled in the Encryption tab of your Admin section.
-
Customer-managed key:
This option grants you full control and responsibility over the creation, storage, and protection of the encryption keys used for safeguarding your data. Unlike the UiPath-managed key, where UiPath manages these tasks by default, with a customer-managed key (CMK), you directly handle these aspects in your own secure environment.
Useful resources:
-
Overview of CMKs: Understand and use Customer Managed Keys.
-
Switching from customer-managed to UiPath-managed keys: Your guide for migrating from UiPath Key to CMK.
-
Enabling a firewall for the customer-managed key: Learn to set up a firewall for CMKs.
-
The specifics of the encryption for each service or resource can be found in the table below.
For more information about ALE with Customer-Managed Keys, and guidance on how to set it up, please visit our ALE with CMK documentation.
Product |
Resource |
Encrypted resource fields |
Encryption applied |
---|---|---|---|
Action Center (Actions and Processes) | Tasks | Data |
|
AI Center™ | Dataset, data labeling sessions, pipeline data, and artifacts | Database and storage |
|
Automation Cloud | External applications | Customer access data |
|
Automation Cloud | Directory connections | Customer access data |
|
Automation Cloud | External identity providers | Customer access data |
|
Automation Hub | Customer idea data
| Database and storage |
|
Automation Ops |
API access keys Access Tokens | Database and storage |
|
Communications Mining | All datasets | Database and storage |
|
Document Understanding | Document Manager sessions, document storage
Note: FormsAI sessions are not available on CMK-enabled accounts.
| Database and storage |
|
Insights | Dataset, reporting | Database and storage |
|
Integration Service | Event data | Database and storage |
|
Marketplace | Database and storage |
| |
Orchestrator | Queue Items |
Specific Data Output |
|
Orchestrator | Asset Values | Value |
|
Orchestrator | Credential Stores | Orchestrator credential stores content |
|
Orchestrator | Credential Stores | Non-Orchestrator credential stores access data |
|
Orchestrator | Storage Buckets | Non-Orchestrator storage buckets access data |
|
Process Mining | Database and storage |
| |
Task Mining | Recorded data (includes PII masking) | Database and storage |
|
Test Manager | Credentials for third party integration
Note: Credentials for integrations announced to be deprecated are not encrypted.
| Configuration |
|
1 - The customer or their account teams must submit a ticket to enable ALE. The UiPath engineering team manages these requests, so please allow a few days for processing. Once we've enabled ALE, you can configure in the Admin section whether or not to use CMK.