How to prevent Credentials to decrypt

Hi,

After saving the credentials in Orchestrator asset, anyone one easily decrypt the same, so is there anyway to prevent to expose the credentials in UiPath

Hi @Rrupam13

In UiPath Orchestrator we cannot see the password in the credentials in assets. The passwords will store in the cloud. We can change the password but we cannot able to see the stored password.

There is another way to store and get credentials from the local windows. Find the below one.

Windows Credential Manager: UiPath can also work with credentials stored in the Windows Credential Manager. This is a secure storage area in Windows where applications can store credentials, and they can be accessed by UiPath as well.

To access Windows Credential Manager from UiPath:

  • Install the “UiPath.CredentialManager.Activities” package from the “Manage Packages” section in UiPath Studio.
  • Use the “Get Credential” activity to retrieve stored credentials by providing the credential name (the one used when storing the credentials).
  • The “Get Credential” activity will output the username and password, which can be used in subsequent activities that require authentication.

Hope it helps!!

@Rrupam13

Ideally we cannot stop it…we would be able to decrypt the password…we should impose on developers not to do it…also if it is decrypted and pushed we can include workflow analyzer rules to check the same if it is being decrypted and published

cheers

1 Like

Yes I know that nobody can see the password from asset however anyone can write a script to decrypt the same, so my question was that how to prevent it even in script it should provide the garbage value for password

@Rrupam13

  1. Limit Permissions: In Orchestrator, control who can access the credentials by setting appropriate permissions. Only authorized users or roles should be granted access to view and use the credentials. Regularly review and update permissions to ensure the right level of access is maintained.
  2. Use Get Credentials Activity: When using credentials in a process, use the “Get Credential” activity to retrieve the credentials from Orchestrator during runtime. This way, the sensitive data is not hard-coded within the workflow, reducing the risk of exposure.
  3. Secure Storage of Config Files: If you need to store configuration files with sensitive data (e.g., API keys) locally, make sure you use secure storage methods, such as encrypting the configuration file or using UiPath’s Credential Manager activities to securely store the data.

There is no option to encrypt. In UiPath Orchestrator, you can control the permissions of users or roles to manage assets, including credentials.

With this only the developers who has access to manage the credentials.