Design Best Practice - Get Credential

Help Activities
, ,
1

Hi all,

Please help settle a debate I’m having.

I’m retrieving an API secret from an Orchestrator credential. The API secret is required at the end of each REFramework transaction for a process with a lot of transactions.

Is it “better” practice to:

  1. Fetch the SecureString once during initialization and pass it as an input parameter where it’s needed,

or

  1. Fetch the credential from Orchestrator each time it’s needed, so that the SecureString only exists in a context where it’s needed.

Thanks

2

@rpa_jay

3

Hi @rpa_jay

Getting the data from orchestrator and storing in a variable is the best because for getting the data from orchestrator it would take some time so by initializing it to a variable you can save some time.
So I would suggest option1

Regards

4

with the recommendation of UiPath and some WFA rules, we are trying:

  • keeping the Credential / Secure Password as close as possible within the scope of usage
5

Hello,

i would go for the 2.

Because it is a best practice to reduce the scope of SecureString as close as possible to it’s usage, to minimize time it stays in memory.
Also it is not a recommandation to passe SecureString variable via arguments, So getting it in initialization and passing it in workflow isn’t a good idea imo.

Also Trying to follows standard UiPath rules is a good approach, like ST-SEC-007, ST-SEC-008, ST-SEC-009, because if your company deploys policies to make them as errors and force WA before publishing you will be blocked. I the policy I deployed for our company these rules generates errors and developers canno’t publish automations because we enforced workflow analyzer before publishing.

Hope this helps!