UiPath Orchestrator

The UiPath Orchestrator Guide

Managing Credential Stores

Creating a Credential Store

  1. Click Add on the Credential Stores page. The Add New Credential Store dialog appears.
  2. From the Type dropdown select which secure store is used. The available options depend upon which plugins have been enabled.
  3. The next steps will vary if your are creating an Orchestrator Database, CyberArk, or Azure Key Vault credential store.



You can only have one Orchestrator Database store.

Orchestrator Database

  1. Click Create, Orchestrator database stores do not have any configurable properties.

CyberArk Store



A CyberArk store are configured in multiple tenants using the same App ID, Safe, and Folder Name, will permit access to stored credentials across tenants. To maintain tenant-level security and isolation, ensure different configurations are used for each tenant's CyberArk store.

  1. In the Name field, type a name for the new credential store.
  2. In the App ID field, enter the application ID for your Orchestrator instance from the CyberArk® PVWA (Password Vault Web Access) interface. See here for details.
  3. In the Safe field, enter the safe name as defined in the CyberArk® PVWA. See here for details.
  4. In the Folder field, enter the location in which your credentials are stored by CyberArk®.
  5. Click Create. Your new credential store is ready for use.

Key Vault

Key Vault credential stores use RBAC type authentication. After you've created a service principal, perform these steps:

  1. In the Name field, type a name for the new credential store.
  2. In the Key Vault Uri field, enter the address of your Azure Key Vault. This is https://<vault_name>.vault.azure.net/.
  3. In the Client Id field, enter the Application ID from your Azure AD App Registrations section where the Orchestrator app was registered.
  4. In the Client Secret field, enter the secret needed to authenticate the client account entered in the previous step.
  5. Click Create. Your new credential store is ready for use.

Editing a Credential Store

From the Credential Stores page:

  1. From the More Actions menu of the desired store, select Edit. The Edit Credential Store dialog appears.
  2. For CyberArk® stores, you are able to edit the Name, Safe, and Folder properties.



The Orchestrator Database store does not have any editable properties.

Setting a Default Credential Store

When using 2 or more credential stores, you have the ability to select which is the default store used for Robots and Assets. The same store may be used as the default for both, or you can select a different default store for each.

To select a default store, from the More Actions menu select Set as robots default store and/or Set as assets default store.

Deleting a Credential Store

To delete a credential store, select Remove from the More Actions menu of the desired store.

If the selected store is in use a warning dialog will appear listing the number of robots and assets that will be affected. Click Delete to confirm the removal or Cancel to abort. Note that you must have at least one credential store active at all times, if only one is present than the option to delete it does not appear.



A credential store designated as default cannot be deleted, you must first select a different default store for the credential type.

Updated about a month ago

Managing Credential Stores

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.