orchestrator
2023.4
false
- Getting Started
- Requirements
- Best Practices
- Installation
- Updating
- Identity Server
- Troubleshooting startup errors
Orchestrator installation guide
Last updated Sep 24, 2025
The
UiPath.Orchestrator.dll.config file contains sensitive information one may want to secure. It is possible to encrypt sections in this file with the UiPath.Orchestrator.Cli.exe tool with the protected-configuration command.
Note: Once encrypted, the data cannot be changed by directly editing the
UiPath.Orchestrator.dll.config file. It must be decrypted and then re-encrypted.
UiPath.Orchestrator.Cli.exe is a CLI tool wrapped over aspnet_regiis.exe. The tool accepts all arguments passed to aspnet_regiis.exe and adds missing .NET Core functionality. It can be found in Orchestrator's root installation directory.
Here's an overview of the main operations performed by the
UiPath.Orchestrator.Cli.exe tool.
- Renames
web.configtoweb.config.copyandUiPath.Orchestrator.dll.configto web.config. - Prepares
web.configforaspnet_regiis.exeinvocation. aspnet_regiis.exeis invoked in another process with the arguments passed to the console app.- Prepares
web.configafteraspnet_regiis.exehas been invoked. - Renames
web.configtoUiPath.Orchestrator.dll.configandweb.config.copytoweb.config.
Important: If at any point during the migration an exception is thrown or the process that invokes
aspnet_regiis.exe returns an exit code different than 0, the attempt is aborted, and both files are restored to their initial value.
The
EncryptionKey in the secureAppSettings section of UiPath.Orchestrator.dll.config is used to encrypt/decrypt passwords for credential assets and Robot credentials without the need for an additional tool.
It is automatically generated when you first install Orchestrator.
This section can also be encrypted using the
Using UiPath.Orchestrator.Cli.exe tool with the protected-configuration command, to ensure that nobody can use the key to decrypt the information you store in Orchestrator.
Parameters
|
Parameter |
Description |
|---|---|
|
|
Indicates the configuration section to be encrypted. |
|
|
Represents the virtual path's site specified as the value of the
-app argument. Change the value of this argument ("UiPath Orchestrator") if your instance’s name is different. If this is not
specified, the default website name is used.
|
|
|
Encrypt at this virtual path. It must begin with a forward slash. If the value is just '/', then it points to the root of the site. |
|
|
The library used to encrypt the
secureAppSettings. The only supported value is "RsaProtectedConfigurationProvider".
|
For more information about the
Aspnet_regiis.exe tool, read the official Microsoft documentation.
Encryption
To encrypt the aforementioned section of the
UiPath.Orchestrator.dll.config file, perform the following steps AFTER installing Orchestrator:
The
XmlEncAES256Url algorithm is used for encrypting the RsaProtectedConfigurationProvider section. To this end, useFIPS is set to true and the following section is added in UiPath.Orchestrator.dll.config.
<code><add keyContainerName="NetFrameworkConfigurationKey" cspProviderName=""
useMachineContainer="true" useFIPS="true" useOAEP="false" description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
name="RsaProtectedConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /></code><code><add keyContainerName="NetFrameworkConfigurationKey" cspProviderName=""
useMachineContainer="true" useFIPS="true" useOAEP="false" description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
name="RsaProtectedConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /></code>
