I want to find a way to make password hidden, But I have tried both Get Password and Get Credential, all of them can be output. Is there any better way to handle this ?
“Get Password” stores the password into a string (last I remembered), so that one is not recommended. But, “Get Credential” should store it into a SecureString type which is pretty hidden. You can also check the “Private” property and it won’t show the variable while Debugging.
Additionally, you could consider using CyberArk which I think many companies are moving toward to manage password storage more securely.
For the “Get Credential”, We can also view the password by using “Type Secure Text” to type into a input box.
So I think this way is not better than “Get password” at some point.
I will learn about CyberArk, If you can share some cases about this solution will be much appreciated
At this time, I don’t have experience utilizing CyberArk with UiPath. But, I suspect it still uses a SecureString and you can use any of the workarounds like using the vb net .NetworkCredentials() to decrypt it or typing it into Notepad or Input Box.
So, all you can do is hide the password from accidentally seeing it or ignorance of the workarounds. It is up to the developer to follow their security guidelines of password sharing, and use governance and audit trails to track password abuse. —I mean the goal should be to protect the developer, not give them a headache.
I guess being able to Type Secure String into a text box that is not encrypted is a problem since that can be done accidentally. Maybe there’s a way UiPath can update that so Type Secure String only works in text boxes that encrypt the strings, or something like that.
I agree with you, Thanks!
I want to be able to put a password in a field but I do not wish to expose the actual password in the code.
In other systems when you enter a password it shows dots … as you type in the password.
Is this a feature in UIPath?
The best practice is to use the “Type Secure Text” activity. This requires a SecureString type variable. To get a secure string of your password, you have a few options; you can store this in Orchestrator Assets then use Get Credential, you can use the Get Password activity but this outputs it to a string and only works on the user/machine that you typed it into (and is not recommended), or you can use any of the Credential activities from the UiPath Credentials activity package where you can extract from the local Windows or CyberArk store (I believe).
Hopefully, that answers it for you.