UiPath Installation and Upgrade

The UiPath Installation and Upgrade Guide

Setting up a Credential Store

Introduction

The credential store provides a way to use passwords without exposing these to developers.

The server administrator is responsible for setting up the credential store and filling it with passwords. The server administrator should provide a list of available credentials to developers. These developers can use the identifier of a password.

There are two available ways to store passwords:

  1. a JSON file on disk;
  2. in the Azure Key Vault.

📘

Note:

You can only use one of the methods simultaneously.

Creating a file-based credential store

The file-based credential store is a JSON file that resides on disk, called credential_store.json. This file must contain a single object, containing a set of key-value pairs, where:

  • key is the identifier that developers should use,
  • value contains the actual password.

Follow these steps to create a file-based credential store containing one password, with PasswordIdentifer as an identifier.

StepAction
1Create a new text file in the <PLATFORMDIR>\databases with name credential_store.json.
2Open credential_store.json using a text editor.
3Enter the following information in the file:
{ "PasswordIdentifier": "s3cr3tp4ssw0rd" }
4Save the file.
5Go to the Superadmin Settings tab.
6Add the following entry to the Server settings:
"CredentialStore": { "Type" : "File" }

The identifier PasswordIdentifier can now be used by developers and, when used, will result in the password s3cr3tp4ssw0rd.

Setting up an Azure Key Vault credential store

Azure Key Vault provides encryption for passwords, which makes it a safe and secure location to store passwords for UiPath Process Mining.

🚧

Important:

An Azure environment should be available for Azure Key Vault.

To set up an Azure Key Vault the following actions must be performed:

  1. Create a Key Vault;
  2. Generate a certificate;
  3. App registration for UiPath Process Mining;
  4. Set the correct permission for the Key Vault;
  5. Enable the Credential Store in UiPath Process Mining.

Creating a Key Vault

Follow these steps to create a Key Vault.

StepAction
1Go to the Azure Portal (https://portal.azure.com).
2Click on Create a resource.
3Search for Key Vault and click on Create.
4Enter a Name, select your Subscription, select or create a Resource Group and select a Location.
5Write down the Name of the Key Vault.
6Leave the access policy as default and click on Create.

You have created a Key Vault where you can store passwords in a secret way.

Generate a certificate

To secure the connection between UiPath Process Mining and Azure, a public/private key pair is needed, which will be referred to as a certificate.

Below is a description of two different ways to generate a certificate. The first is the easiest way to create a certificate but requires access to OpenSSL, e.g. through a Linux machine. The second method might be more complicated but only requires Azure.

OpenSSL

Follow the steps below to generate the certificate via OpenSSL.

StepAction
1Run the following command at the command line prompt:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout my-certificate.pem -out my-certificate.pem.
2Leave all fields empty, the certificate my-certificate.pem will be generated.
3Run the following command:
openssl x509 -outform der -in my-certificate.pem -out azure-cert.cer.

This will generate a file my-certificate.pem, which is the private key needed to authenticate on Azure, and an azure-cert.cer which is a public key, to be uploaded to Azure.

Azure

Follow these steps to generate the certificate via Azure.

StepAction
1In the Azure Portal, go to All resources and click on your Key Vault.
2Go to Certificates and click on Generate/Import.
3Set Method of Certificate Creation to Generate.
4Enter a name for your certificate, for example, my-certificate.
5Set Type of Certificate Authority (CA) to Self-signed certificate.
6Enter a Subject, for example, CN=http://www.example.com.
7Set the Content Type to PEM and keep the rest of the default settings.
8Click on Create.

Follow these steps to download the generated certificate from Azure.

StepAction
1In the Azure Portal, go to All resources and click on your Key Vault.
2Select Certificates and click on your certificate.
3Right click on the current version, and if it is not enabled, select Enable.
4Click on the current version.
5Click on Download in PFX/PEM format and click on Download.
6Save the file to your disk as my-certificate.pem.
7Click on Download in CER format.
8Save the file to your disk as azure-cert.cer.
9Delete the certificate from Azure.

You now have a private key (my-certificate.pem), which will be used by the software and a public key (azure-cert.cer), which will be used by Azure.

App registration

To access the Key Vault from UiPath Process Mining, an app registration is required.

Follow these steps to perform the app registration.

StepAction
1In the Azure Portal go to Azure Active Directory.
2Go to Properties and write down/copy your Directory (tenant) ID.
3Click on App registrations.
4Click on New application registration.
5Enter a Name, select Web app / API as Application type, and fill in any valid Sign on URL.
6Click on Create.

You have completed the app registration.

Setting the correct permission

To enable UiPath Process Mining to link to the Key Vault the correct permission must be set.

Follow these steps to set the correct permission.

StepAction
1Go to your App registration and write down/copy your Application (client) ID.
2Go to Settings > Keys and click on Upload Public Key.
3Select the azure-cert.cer file created previously and click on Save.
4In the Azure Portal, go to All resources and click on your Key Vault.
5Select Access policies and click on Add new....
6Click on Select principal and select your App Registration. Click on Select.
7Select the Secret permissions– Get and click on OK.
8Click on Save.
9Go to Secrets and click on Generate/Import.
10Fill in the Name (this will be the identifier), and Value (this is a secret password).
11Click on Create.

It is now possible to link to the Key Vault from UiPath Process Mining.

Enable the credential store

Follow these steps to enable the credential store in UiPath Process Mining using the Azure Key Vault.

1Go to the Superadmin Settings tab.
2Add the CredentialStore entry to the Server Settings as displayed below.
"CredentialStore": {
    "Type"           : "AzureKeyVault",
    "TenantId"       : <Directory/Tenant ID>,
    "ClientId"       : <Client ID>,
    "VaultName"      : <KeyVaultName>
    "CertificateFile": <my-certificate.pem>
}

The identifier can now be used by developers and, when used, will result in the password specified in the value.

Updated 4 days ago


Setting up a Credential Store


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.