How to deal with a list of credentials in a secure way?

I have a list of credentials and there will be a loop to log in to a web site each time with one credential, which is the best way to save thoses credentials (Secure way) ? Is it ok if I just write then all in a excel file?

If you have Orch, you can save credentials in Orch,.

hi @YuzhouSONG

My first response will be to save them inside assets in orchestrator.

I mean it’s going to take you a while to create all of them by then you can access it using any robot whether you’re launching your robot from orchestrator or studio.

1 Like

@reda & @skini76, Any other option than saving in orchestration?

Windows credential manager

1 Like

Thanks, but my list of credentials is very long…

Hi @YuzhouSONG

Can you provide a bit more detail as to exactly what your concern is? Unless you have the data already stored somewhere in a digital format, you will need to manually generate the list at some point regardless of where you end up storing the credentials.

I have a few suggestions based on a few interpretations of your question below.

If you have a list of credentials somewhere (maybe in an Excel sheet) that you would like to encrypt, you could look at using the “Set Credential” activity to batch send your credential items.

If all you care about is keeping the credentials safe during the execution stage of the robot (maybe to prevent accidentally saving a password somewhere), then using a SecureString will encrypt any sensitive information. Be aware that you will then need to use SecureString activities to input these correctly.

If none of these suggestions are useful, then I will need to know more about what exactly your use case is and what exactly you are trying to prevent to help further.

windows credential manager or orchestrator like assets

Remember, by maintaining the credentials in a file or DB, you are increasing risk of your environment, if some one get access to the file/DB, he can access all those websites easily. So for the purpose of automation, don’t ignore the risk. In fact first think about the risk, then automation. If you are ready to compromise the security, there are 100 ways to do this, but I will be the first one to hack :smile:

These credentials are in a excel for now.

Great! So it appears that it is currently not possible to create Orchestrator assets from Robot. If I understand, this would solve your issue as you could create a robot to just load all those credentials into Orchestrator, converting passwords to SecureStrings.

As a workaround, this is what I propose:

Create a robot that can access the Orchestrator interface through your browser. The robot will need to load all of the credentials in your spreadsheet, then loop through each one and create an Orchestrator Credential asset for each one, then fill in the necessary fields. You could also consider having the robot create the asset then using the “Set Credential” activity in Studio. The robot may take a while to run if your credential list is extensive, but the work has to get done somehow, and this way you eliminate human error.

As a note on this, you will need to be careful about handling Strings and SecureStrings. Just remember that using “Type Into” with a SecureString or “Type SecureString” with a String will cause issues. Also remember that if you use “Set Credential”, you will need to provide a SecureString for the password.

Let me know if this helps. If what I am suggesting is unclear, I can create a workflow to demonstrate what I mean.

Depends, how is the Excel File being secured? Is it password protected? If so, then you could store the credentials to access the Excel File within Orchestrator as described below. As others have noted, storing credentials in something like Excel is a security risk. Given that you state it is a long list, would suggest storing in SQL Database and encrypt the password field. Then the automation can pull credentials/password from SQL in real-time and decrypt when typing into Web Site Login Page.

1 Like