Automation Anywhere Enterprise A2019 enables developers to leverage an in-built Credential Vault to securely store and retrieve values like usernames, passwords, URLs, environment variables, etc. In this session, we'll look at how to set up a Credential Vault Locker, how to add a Credential to it, and how we can reference the attributes of those credentials from directly within our bot. Note: If you want to follow along with Micah in the demo, the challenge page he is using can be found here.
- What is the Credential Vault?
  - The Credential Vault is a centralized vault for securely storing values that can be provisioned to bots.
  - This vault enables the secure storage and retrieval of sensitive values using AES-256 encryption - the same encryption standard approved for use in the US government for the storage of Top Secret material.
  - Enables bots to be environment agnostic
  - Can be used for storing more than just credentials (URLs, environment variables, network share locations, folder mapping setup, etc)
- Anatomy of Credential Vault Storage
  - The top-level container in the Credential Vault is a Locker
    - Lockers are used to group and store one or more Credentials.
  - Credentials reside inside of Lockers
    - Credentials are used for storing attributes, which can be leveraged while building and executing bots.
  - Attributes reside inside of Credentials
    - Each attribute holds a specific value stored in the Credential Vault.
  - Example:
    - If I needed to store a username, password, and URL for a web application I'm automating:
      - I would create a Locker (unless I had one I was using already) to store my Credential
      - I would create a Credential to store inside of my Locker
      - I would add 3 attributes to that Credential to represent my username, password, and URL
- Credential Vault Best Practices
  - Think of Lockers like folders, which hold multiple Credentials. As you work to automate different internal processes, consider how Lockers may enable you to group similar Credentials.
    - A good practice would be having Lockers that represent each line of business. In this way, similar accounts that may be used for complementary business automations can be grouped together and have their access provisioned correctly.
  - Try to keep Credentials tied to a specific process or a specific application.
    - In this way, Credential attributes wouldn't need to be replicated within multiple Credentials or multiple Lockers.
  - Consider the least privilege principle when providing access to different Lockers (and their respective Credentials)
    - The least privilege principle states that users should only have access to the specific resources they need to adequately perform the duty that they are required to do.
    - Using this approach, you can limit who has access to update Credential values as well as determine which roles can act as locker consumers - those users (bot runners) who will be able to view the Credentials and access the attributes therein at runtime.
  - Lockers, Credentials, Attributes, and Moving Environments
    - When Locker, Credential, and Attribute names are maintained across multiple environments, it becomes significantly easier to move bots from dev to test, and test to prod.
    - Leveraging these matching names means that the bots can be environment agnostic and can be dynamic in the data they use, as specified by the attribute values they leverage.
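
The naming and least-privilege points above can be checked before a bot is promoted. The Python check below is an added example, not code from the original post or from Automation Anywhere; it calls no Control Room API, and the inventory layout, Locker and Credential names, and role names are all constructed assumptions.

```python
# Added example: inventories below are constructed sample data, not Control Room output.
# Only names and consumer roles are modelled; secret values never leave the vault.

# env -> locker -> {"consumers": roles, "credentials": {credential: attribute names}}
INVENTORY = {
    "dev": {"Finance": {"consumers": {"finance_runner", "finance_dev"},
                        "credentials": {"InvoicePortal": {"username", "password", "url"}}}},
    "test": {"Finance": {"consumers": {"finance_runner"},
                         "credentials": {"InvoicePortal": {"username", "password"}}}},
    "prod": {"Finance": {"consumers": {"ap_runner"},
                         "credentials": {"InvoicePortal": {"username", "password", "url"}}}},
}

# (locker, credential, attribute) names the bot references at runtime (hypothetical)
BOT_REFS = [
    ("Finance", "InvoicePortal", "username"),
    ("Finance", "InvoicePortal", "password"),
    ("Finance", "InvoicePortal", "url"),
]


def preflight(env, refs, runner_role, inventory=INVENTORY):
    """Return the problems that would break the bot in `env` (empty list = safe to promote)."""
    problems = []
    lockers = inventory.get(env, {})
    for locker, credential, attribute in refs:
        entry = lockers.get(locker)
        if entry is None:
            problems.append(f"{env}: locker '{locker}' missing")
            continue
        # Least privilege: the runner's role must be a consumer of this locker.
        if runner_role not in entry["consumers"]:
            problems.append(f"{env}: role '{runner_role}' is not a consumer of '{locker}'")
        attributes = entry["credentials"].get(credential)
        if attributes is None:
            problems.append(f"{env}: credential '{locker}/{credential}' missing")
        elif attribute not in attributes:
            problems.append(f"{env}: attribute '{locker}/{credential}/{attribute}' missing")
    # The same locker can be referenced several times; report each problem once, in order.
    return list(dict.fromkeys(problems))


if __name__ == "__main__":
    for env in INVENTORY:
        for line in preflight(env, BOT_REFS, "finance_runner") or [f"{env}: ok"]:
            print(line)
```
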
Conclusion
The Credential Vault is an incredibly powerful (and often overlooked) component of the Enterprise A2019 Control Room. By setting up secure, appropriately provisioned Lockers, Credentials, and Attributes, developers can safely store and retrieve the data that their bot(s) may need for processing. For additional details on the Credential Vault, check out the Automation Anywhere Documentation Portal, which covers Credentials, Lockers, and Attributes as well as their respective configuration options. Go build secure, dynamic bots that can easily move from environment to environment - and Go Be Great!
Bonus Tip
If you haven't checked it out yet, consider taking a look at the Credential Manager Package from Automation Anywhere's Bot Store. This free package enables developers to retrieve values from the Credential Vault that can be stored in variables for their use. This enables developers to access values whenever/wherever they need them, as opposed to only being able to use Credential Vault values in fields that have formally been established as Secure Strings in their underlying package actions.