I’m currently working on improving the security of my connection with the SQL server. I’ve noticed that the connection strings display the username and password, which concerns me. I attempted to retrieve the credentials from the orchestrator, but encountered an error in the process. I’m seeking advice on the best approach to establish a secure connection to the database while keeping the user and password information safe.
Any help or suggestions would be greatly appreciated. Thank you!
Use Windows Authentication: Whenever possible, it’s recommended to use Windows Authentication to connect to the SQL server instead of SQL Server Authentication (username and password in the connection string). Windows Authentication leverages the user’s Windows credentials to authenticate with the database, eliminating the need to store or pass credentials in the connection string. This approach is more secure as it avoids exposing sensitive information.
Store Credentials in Orchestrator Assets: To store the SQL server credentials securely, use UiPath Orchestrator Assets. Instead of hardcoding the credentials in the connection string, store the username and password as assets in Orchestrator. Assets are securely encrypted and can be used by robots during runtime without revealing the actual credentials in the workflow. This way, you can centralize and manage the credentials from Orchestrator.
I’ve been using Windows Authentication, but I’m encountering this error, and I’m not sure what’s causing it.
And then, as you suggested, I tried to store the credentials in orchestrator. However, I encountered this error in the string, and I’m wondering if I might be referencing the variables incorrectly.
Considering these two statements, we can have two different scenarios to check, Firstly we can check if the below method of Converting the SecureString to String works and if the database connection is successful.
Here, PasswordStr is a String variable and will contain the actual password and you can use this variable in place of DbPassword in the Connection string.
After performing the above, if the DB connection is not successful, Check by Debugging the value of Password in Debug Panel (No need to share screenshots or data here), just check if it is the same password as provided.
If using latest versions, as mentioned by @ppr , we could use SecureConnectionString property, where you can keep the whole connection string as the Password in the Orchestrator, and after retrieving it as SecureString variable type you can directly place it in that property field.
Great news! It worked!! I followed your instructions, and the connection is now working smoothly. The only thing I encountered was an error with the method of converting, but I realized that putting “New” first resolved the issue:
PasswordStr = New System.Net.NetworkCredential(String.Empty,DbPassword).Password
I want to express my sincere appreciation to all of you for your help <3 Thank you, and I wish you all a fantastic day!!