Encryption mechanism used in uipath platform

UiPath deals with data from different applications. While moving the data from one application to another is there an encryption mechanism that UiPath uses?This was a question in our Audit

@loginerror can you please help here.

1 Like

There are many places where data can be moved within the UiPath platform. Data in transit between all the components is encrypted by default. Communications are always initiated from the client side (Studio or Robot) to Orchestrator. Customers control the type of encryption by setting the Windows SCHANNEL settings and installing their certificate on the Windows server where Orchestrator is installed. If using our cloud Orchestrator then TLS 1.2 is required by minimum with support for TLS 1.3.

If you are asking about robots interacting with applications and whether the data is encrypted, that depends on the application. A robot accessing a website that is presented over HTTPS will require the robot to communicate with that application over an encrypted channel. A robot accessing a desktop application such as notepad will access it over native Windows channels which are not technically encrypted, but are highly protected. A good rule would be that if a human user were to access the application over an encrypted channel then a robot will also.

You may also be asking whether data that is copied from an application is encrypted while it sits in use to be inserted into another application. By default the answer is no, but it can be by using the provided Cryptographic Activities. It is also highly protected as it is only stored in RAM and not in a local file unless the developer specifically writes the activities to store it in a file. If a robot stops execution for any reason (completing an automation or closes due to an error, etc.), garbage collection is run and that data is immediately erased.

Hope this helps, but let us know if you need more information.


That was really helpful Kevin. This means UiPath does not do any kind of encryption by them at any point until and unless we use the cryptographic activities. Also this means we dont need to worry about encrytpion of data in transit as it will be only RAM.

We are not using orchestrator in our case as we are yet to reach the 10 robots mark(6 till now) Does this change anything?

Also can you please tell me what does this mean