orchestrator
2023.4
false
UiPath logo, featuring letters U and I in white

Orchestrator Installation Guide

Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Dec 5, 2024

Encrypting AppSettings.Production.json

Learn about encrypting AppSettings.Production.json.

Overview

Identity Server, Webhooks, and Resource Catalog Service AppSettings.Production.json files contain sensitive information one may want to secure. It is possible to encrypt/decrypt these files using the UiPath.ConfigProtector.exe tool.
Note: Once encrypted, the data cannot be changed by directly editing the AppSettings.Production.json file. It must be decrypted and then re-encrypted.

UiPath.ConfigProtector.exe

UiPath.ConfigProtector.exe is located in Orchestrator's installation directory. Its full path is: C:\Program Files (x86)\UiPath\Orchestrator\Tools\ConfigProtector.

Command Reference

Parameter

Description

--pe

Encrypts the AppSettings.Production.json file.

--de

Decrypts the AppSettings.Production.json file.
-f / --configfile
Indicates the file name and path of AppSettings.Production.json.
-o / --output

The encrypted/decrypted file is saved to a new file instead of overwriting the existing one.

--help

Displays information about the available commands.

--version

Displays version information.

--signing-settings

Allows you to add a configuration section of your choice to the tool's settings.

This command uses the dot notation.

Example: configprotector.exe --pe -f appsettings.Production.json --signing-settings Other.Path.Of.SigningCredentialSettings
--keys / k

Allows you to encrypt/decrypt keys that are not hardcoded.

This parameter need to be followed by a list of comma separated keys.

Example: configprotector.exe --pe -f appsettings.Production.json --keys Path.To.Key1,Path.To.Key2
Note: This should only be used in rare cases, and for keys that support encryption (which are mostly connection strings). An example of this is adding a new ledger subscriber with a new connection string, where you want to encrypt the new key without having to first decrypt the whole configuration, and encrypt it afterwards. The default paths that the tool already encrypts should suffice.

Identity Server

Encryption

To encrypt AppSettings.Production.json, perform the following steps AFTER installing Orchestrator:
  1. Open the Command Prompt.
  2. Run the following command:
    UiPath.ConfigProtector.exe --pe -f "C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json"UiPath.ConfigProtector.exe --pe -f "C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json"

Decryption

  1. Open the Command Prompt.
  2. Run the following command:
    UiPath.ConfigProtector.exe --de -f "C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json"UiPath.ConfigProtector.exe --de -f "C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json"

Webhooks

Prior to encrypting Webhook’s appsettings.Production.json, you need to add the signing certificate settings. You can copy the SigningCredentialSettings section from the Identity Server appsettings.Production.json file if you want to use the same certificate.
"AppSettings": {
    "SigningCredentialSettings": {
        "StoreLocation": {
            "Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
            "Location": "LocalMachine",
            "NameType": "Thumbprint"
        }
    }
}"AppSettings": {
    "SigningCredentialSettings": {
        "StoreLocation": {
            "Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
            "Location": "LocalMachine",
            "NameType": "Thumbprint"
        }
    }
}
  • Name represents the Thumbprint of your certificate.
  • We do not recommend using other values for Location and NameType.

Encryption

  1. Open the Command Prompt.
  2. Run the following command:

    UiPath.ConfigProtector.exe 
    --pe 
    -f "C:\Program Files (x86)\UiPath\Orchestrator\Webhooks\appsettings.Production.json"UiPath.ConfigProtector.exe 
    --pe 
    -f "C:\Program Files (x86)\UiPath\Orchestrator\Webhooks\appsettings.Production.json"

Encryption

  1. Open the Command Prompt.
  2. Run the following command:
    UiPath.ConfigProtector.exe --pe -f "C:\Program Files (x86)\UiPath\Orchestrator\Webhooks\appsettings.Production.json"UiPath.ConfigProtector.exe --pe -f "C:\Program Files (x86)\UiPath\Orchestrator\Webhooks\appsettings.Production.json"

Decryption

  1. Open the Command Prompt.
  2. Run the following command:
    UiPath.ConfigProtector.exe --de -f "C:\Program Files (x86)\UiPath\Orchestrator\Webhooks\appsettings.Production.json"UiPath.ConfigProtector.exe --de -f "C:\Program Files (x86)\UiPath\Orchestrator\Webhooks\appsettings.Production.json"

Resource Catalog Service

Prior to encrypting the Resource Catalog Service appsettings.Production.json, you need to add the signing certificate settings. You can copy the SigningCredentialSettings section from the Identity Server appsettings.Production.json file if you want to use the same certificate.
"SigningCredentialSettings": {
        "StoreLocation": {
            "Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
            "Location": "LocalMachine",
            "NameType": "Thumbprint"
        }
    }"SigningCredentialSettings": {
        "StoreLocation": {
            "Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
            "Location": "LocalMachine",
            "NameType": "Thumbprint"
        }
    }
  • Name represents the Thumbprint of your certificate.
  • We do not recommend using other values for Location and NameType.

Encryption

  1. Open the Command Prompt.
  2. Run the following command:
    UiPath.ConfigProtector.exe --pe -f .\appsettings.Production.json --signing-settings SigningCredentialSettingsUiPath.ConfigProtector.exe --pe -f .\appsettings.Production.json --signing-settings SigningCredentialSettings

Decryption

  1. Open the Command Prompt.
  2. Run the following command:
    UiPath.ConfigProtector.exe --pe -f .\appsettings.Production.json --signing-settings SigningCredentialSettingsUiPath.ConfigProtector.exe --pe -f .\appsettings.Production.json --signing-settings SigningCredentialSettings
  • Overview
  • UiPath.ConfigProtector.exe
  • Command Reference
  • Identity Server
  • Webhooks
  • Resource Catalog Service

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.