Credential Management Questions

security
credentials

#1

Hi all,

I’m aware that UiPath Studio allows the user to invoke encrypted accesses through Window’s Credential Manager.
Here are my questions:

  • Assuming someone attempts to use my UiPath Studio, can he/she see my credentials using the Get Secured Credential or Type secured Text activities?
  • If I use the Get Password activity, my password will be stored in a variable, and thus be able to be pasted elsewhere by someone knowledgeable, correct?

Any help clarifying these questions will be most welcome.
Thanks


#2

Hi gonmartins,

Sort of, they can’t do it in the way you have described with Credentials because they send over a secure string (although technically this can be converted to a string). If you used Type Secured Text into a non-password box or into notepad then yes with if someone is able to access your computer then they could access your credentials.

We have had this conversation with the UiPath team and I think this has to be case of managing your internal security policy, i.e. never let anyone else access your machine. Furthermore, in a production environment you can set it up so only the robot knows the password to access that machine. The key is that any passwords are protected whilst in transit so cannot be intercepted.

And yes with Get Password you have to store it in a variable which can later be referenced. So the same point around your local security policies apply.

Richard