Automation Cloud Admin Guide
Last updated Oct 31, 2024

Encryption

Overview

UiPath® enforces encryption in transit and at rest. All communications inbound to the UiPath Platform services and products require at least TLS 1.2. Additionally, all data at rest is encrypted using Transparent Data Encryption (TDE), which leverages AES 256-bit encryption.

Beyond TDE, we also employ Application Layer Encryption (ALE) for certain services. Some services automatically incorporate ALE; we refer to this as "Implicit ALE". For other services, the use of ALE is optional and can be chosen by you; we refer to this as "Optional (Opt in) ALE". Some services do not currently support ALE.

Application-Level Encryption (ALE)

For services with ALE, whether implicit or opted in, you can choose who handles the encryption key: either UiPath or yourself.

  • UiPath-managed key:

    This option allows UiPath to create, store, and protect the keys used for encrypting your data.

    This is the default option, and it is automatically enabled in the Encryption tab of your Admin section.

  • Customer-managed key:

    This option grants you full control and responsibility over the creation, storage, and protection of the encryption keys used for safeguarding your data. Unlike the UiPath-managed key, where UiPath manages these tasks by default, with a customer-managed key (CMK), you directly handle these aspects in your own secure environment.



Encryption per service

The specifics of the encryption for each service or resource can be found in the table below.

For more information about ALE with Customer-Managed Keys, and guidance on how to set it up, please visit our ALE with CMK documentation.

| Product | Resource | Encrypted resource fields | Encryption applied |
|---|---|---|---|
| Action Center (Actions and Processes) | Tasks | Data | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Optional - as opted in when creating the parent entity (i.e. the task catalog) |
| AI Center | Dataset, data labeling sessions, pipeline data, and artifacts | Database and storage | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Optional [1] - as opted in by the user |
| Automation Cloud | External applications | Customer access data | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Implicit |
| Automation Cloud | Directory connections | Customer access data | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Implicit |
| Automation Cloud | External identity providers | Customer access data | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Implicit |
| Automation Hub | Customer idea data | Database and storage | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Not available |
| Automation Ops | API access keys, Access Tokens | Database and storage | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Not available |
| Communications Mining | All datasets | Database and storage | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Not available |
| Document Understanding | Document Manager sessions, document storage. Note: FormsAI sessions are not available on CMK-enabled accounts. | Database and storage | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Optional [1] - as opted in by the user |
| Insights | Dataset, reporting | Database and storage | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Not available. Data that is ALE encrypted at its origin arrives encrypted in Insights. |
| Integration Service | Event data | Database and storage | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Not available |
| Marketplace | | Database and storage | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Not available |
| Orchestrator | Queue Items | Specific Data, Output | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Optional - as opted in when creating the parent entity (i.e. the queue) |
| Orchestrator | Asset Values | Value | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Implicit |
| Orchestrator | Credential Stores | Orchestrator credential stores content | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Implicit |
| Orchestrator | Credential Stores | Non-Orchestrator credential stores access data | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Implicit |
| Orchestrator | Storage Buckets | Non-Orchestrator storage buckets access data | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Implicit |
| Process Mining | | Database and storage | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Not available |
| Task Mining | Recorded data (includes PII masking) | Database and storage | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Optional [1] - as opted in by the user |
| Test Manager | Credentials for third party integration. Note: Credentials for integrations announced to be deprecated are not encrypted. | Configuration | Connection protocol: TLS 1.2; TDE: AES 256; ALE: Implicit |

1 - The customer or their account teams must submit a ticket to enable ALE. The UiPath engineering team manages these requests, so please allow a few days for processing. Once we've enabled ALE, you can configure in the Admin section whether or not to use CMK.
