orchestrator
latest
false
UiPath logo, featuring letters U and I in white

Orchestrator user guide

Last updated Sep 15, 2025

Managing credential proxies

You can create and manage proxies for your own custom credential stores, allowing you to individually control the safety of your credentials.

Proxy types

You can choose between these two types:

  • Connected proxy (Managed by Orchestrator) - when a robot requests credentials, Orchestrator retrieves them from the proxy and passes them on to the robot.
    Figure 1. Connected proxy architecture

  • Disconnected proxy (Managed by the proxy service) - when a robot requests credentials, they are retrieved directly from the proxy, without having to go through Orchestrator. This type is only compatible with Robots version 23.10+.
    Figure 2. Disconnected proxy architecture Graphical representation of the disconnected proxy architecture
    Important:
    • Enterprise The disconnected credentials proxy is only available if you are on the Enterprise - Advanced licensing plan.
    • If you want to retrieve disconnected proxy credentials, you need to use the following minimum versions: 2.0.1 for the proxy, and 24.3 for the System Activities pack.

Creating a credentials proxy

Once you have installed the Orchestrator Credentials Proxy, you can create a custom proxy, which holds your custom credential stores.

Figure 3. Add Credentials Proxy page Screenshot of the Add Credentials Proxy page
To do that, follow the steps below:
  1. At the tenant level, click Credentials > Proxies > Add Credentials Proxy. The Add Credentials Proxy window is displayed.
  2. Choose either Connected proxy (Managed by Orchestrator) or Disconnected proxy (Managed by the proxy service).
  3. Add a name for your proxy.
  4. Add the URL pertaining to the virtual machine included in the Orchestrator Credentials Proxy setup.
  5. Add the key.

    For the connected proxy, depending on the installation method, this is either the secret key generated by the .msi installer, or the one held by the Jwt:Keys parameter.

    For the disconnected proxy, this must be a key that already exists in one of the disconnected proxy's local configuration files.

    The information you provide at steps 4 and 5 create the link between Orchestrator and the installation which contains your custom credential store plugins.

  6. Click Create.

    You can then add the desired store as follows:

  7. At the tenant level, click Credentials > Stores > Add credential store.
  8. From the Proxy list, select the proxy that you have just created.
  9. From the Type list, select the third party credential store defined by your plugin.

Editing a credentials proxy

To edit a proxy, click More Actions > Edit. The Edit Credentials Proxy page is displayed, allowing you to change the name, URL, or key as needed.

Deleting a credentials proxy

To delete a proxy, select More Actions > Remove. If the selected proxy is in use, a warning dialog is displayed, listing the number of robots and assets that will be affected. Select Yes to confirm the removal or No to abort.

Figure 4. Proxies tab

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2025 UiPath. All rights reserved.