- Release notes
Orchestrator release notes
Launching the Orchestrator Credentials Proxy 2.2.0
The release of the Orchestrator Credentials Proxy 2.2.0 brings a series of significant improvements aimed at enhancing reliability, and operational flexibility:
- New credentials store integrations
You can now configure two new credentials stores:
- CyberArk Conjur (read-only)
- Google Secret Manager
For more information on installation and configuration, check the Orchestrator Credentials Proxy page from the Orchestrator user guide.
- Improved error visibility for failed requests
We now log more detailed information for failed requests returning
4xxerrors (for example,400,401,403). These errors are also captured on the Orchestrator Credentials Proxy server, allowing support teams to better troubleshoot connectivity and authentication issues that are not visible in robot logs or Orchestrator. - New public endpoint for runtime details
A new endpoint is available to retrieve current application details. This endpoint is useful when working with load balancers or debugging configurations.
The endpoint returns:
- The current Orchestrator Credentials Proxy version (for example, 2.2.0).
- The hash of the content of the
appsettingsfiles. - The hash of the content of the loaded plugin files
(
/pluginscontent). - A unique identifier for the running Orchestrator Credentials Proxy instance, allowing you to identify which instance handled a request when multiple instances are deployed behind a load balancer.
- A combined hash based on the application version and configuration contents
(including
appsettings,/plugins, and other files)This allows you to verify whether multiple instances behind a load balancer are truly identical.
- Startup validation for log file permissions
During startup validation (for both connected and disconnected modes), the proxy now checks whether it can write to the configured log file path. If it cannot, an error is logged to indicate insufficient write permissions, usually caused by IIS configuration issues. This check helps diagnose missing log files early without interrupting execution.
- Removed production use of local machine certificates in sign-in configuration
The use of local machine certificates defined directly in the
appsettingsfile (vialocation: localmachineandsignincredential.filepath) is no longer supported for production environments.
Updated VPN Gateway entitlement for Automation Cloud Robots
We updated the entitlement model for VPN Gateways to simplify configuration and reduce administrative overhead.
Allocating Robot or Platform Units to a tenant is no longer required to enable or configure VPN Gateways. Instead, each organization now receives a number of VPN Gateways at organization level, based on its licensing plan.
For more information on how to configure VPN for Automation Cloud Robots, check the Configuring VPN for cloud robots page.
Multiple entrypoints support for event triggers
You can now select and use multiple entrypoints for event triggers, enabling more complex trigger configurations.
Previously, if a user selected an entrypoint for a connected trigger and saved their changes, the configuration would reset, and the selected entrypoint would not persist.
