UiPath Installation and Upgrade

The UiPath Installation and Upgrade Guide

Encrypting UiPath.Orchestrator.dll.config Sections

The UiPath.Orchestrator.dll.config file contains sensitive information one may want to secure. It is possible to encrypt sections in this file with the UiPath.Orchestrator.Cli.exe tool with the protected-configuration command.



Once encrypted, the data cannot be changed by directly editing the UiPath.Orchestrator.dll.config file. It must be decrypted and then re-encrypted.


UiPath.Orchestrator.Cli.exe is a CLI tool wrapped over aspnet_regiis.exe. The tool accepts all arguments passed to aspnet_regiis.exe and adds missing .NET Core functionality. It can be found in Orchestrator's root installation directory.

Here's an overview of the main operations performed by the UiPath.Orchestrator.Cli.exe tool.

  1. Renames web.config to web.config.copy and UiPath.Orchestrator.dll.config to web.config.
  2. Prepares web.config for aspnet_regiis.exe invocation.
  3. aspnet_regiis.exe is invoked in another process with the arguments passed to the console app.
  4. Prepares web.config after aspnet_regiis.exe has been invoked.
  5. Renames web.config to UiPath.Orchestrator.dll.config and web.config.copy to web.config.

If at any point during the migration an exception is thrown or the process that invokes aspnet_regiis.exe returns an exit code different than 0, the attempt is aborted, and both files are restored to their initial value.

Using UiPath.Orchestrator.Cli.exe

The EncryptionKey in the secureAppSettings section of UiPath.Orchestrator.dll.config is used to encrypt/decrypt passwords for credential assets and Robot credentials without the need for an additional tool. It is automatically generated when you first install Orchestrator.

This section can also be encrypted using the Using UiPath.Orchestrator.Cli.exe tool with the protected-configuration command, to ensure that nobody can use the key to decrypt the information you store in Orchestrator.


-peIndicates the configuration section to be encrypted.
-siteRepresents the virtual path's site specified as the value of the -app argument. Change the value of this argument ("UiPath Orchestrator") if your instance’s name is different. If this is not specified, the default website name is used.
-appEncrypt at this virtual path. It must begin with a forward slash. If the value is just '/', then it points to the root of the site.
-provThe library used to encrypt the secureAppSettings. The only supported value is "RsaProtectedConfigurationProvider".

For more information about the Aspnet_regiis.exe tool, read the official Microsoft documentation.


To encrypt the aforementioned section of the UiPath.Orchestrator.dll.config file, perform the following steps AFTER installing Orchestrator:

  1. Open an elevated Command Prompt.
  2. Run the following command.
cd “C:\Program Files (x86)\UiPath\Orchestrator\Tools\Cli”
.\UiPath.Orchestrator.Cli.exe protected-configuration -pe "secureAppSettings" -site "UiPath Orchestrator" -app "/" -prov "RsaProtectedConfigurationProvider"



Orchestrator's default installation folder is C:\Program Files (x86)\UiPath\Orchestrator.

The XmlEncAES256Url algorithm is used for encrypting the RsaProtectedConfigurationProvider section. To this end, useFIPS is set to true and the following section is added in UiPath.Orchestrator.dll.config.

`<add keyContainerName="NetFrameworkConfigurationKey" cspProviderName=""
        useMachineContainer="true" useFIPS="true" useOAEP="false" description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
        name="RsaProtectedConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />`


  1. Open an elevated Command Prompt.
  2. Run the following command.
cd “C:\Program Files (x86)\UiPath\Orchestrator\Tools\Cli”
 .\UiPath.Orchestrator.Cli.exe protected-configuration -pd "secureAppSettings" -site "UiPath Orchestrator" -app "/"



Orchestrator's default installation folder is C:\Program Files (x86)\UiPath\Orchestrator.

Updated about a year ago

Encrypting UiPath.Orchestrator.dll.config Sections

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.