How to use Type Secure Text



Can someone please explain how to use the Secure Text activity? You can’t type the password directly into the activity, so I tried to create a secure text variable - didn’t work, tried just a string variable - still didn’t work.




This is mainly meant to type passwords that you get from the following activities:

Ex; you have a credential store in Orchestrator, you use the get asset credentials to assign a secure string variable and later pass it to Type secure text activity.



WindowsCredentialtest.xaml (16.7 KB)
Use this workflow, It will useful to you.

If you want to display the Secure Type Text…It will show System.Security.SecureString

By using Type Secure Text Activity, It will type the Correct Secure text by getting the Secure text from Windows Credential…


Hey @atevis

You can get an easy understanding from what @Florent_Salendres Mentioned.
I am just here adding some things for your understanding to get about secure string.

Secure String

Represents text that should be kept confidential, such as by deleting it from computer memory when no longer needed. This class cannot be inherited.

SecureString is a string type that provides a measure of security. It tries to avoid storing potentially sensitive strings in process memory as plain text. The value of an instance of SecureString is automatically protected using a mechanism supported by the underlying platform when the instance is initialized or when the value is modified. Your application can render the instance immutable and prevent further modification by invoking the MakeReadOnly method.

The maximum length of a SecureString instance is 65,536 characters.

For More Info - SecureString Class

A SecureString object is similar to a String object in that it has a text value. However, the value of a SecureString object is pinned in memory so to get secure string as a string you can Use the

Because the operating system does not directly support SecureString, you must convert the value of the SecureString object to the required string type before passing the string to a native method. The Marshal class has five methods that do this:
Marshal.SecureStringToBSTR, which converts the SecureString string value to a binary string (BSTR) recognized by COM.

Marshal.SecureStringToCoTaskMemAnsi and Marshal.SecureStringToGlobalAllocAnsi, which copy the SecureString string value to an ANSI string in unmanaged memory.

Marshal.SecureStringToCoTaskMemUnicode and Marshal.SecureStringToCoTaskMemUnicode, which copy the SecureString string value to a Unicode string in unmanaged memory.

Each of these methods creates a clear-text string in unmanaged memory. It is the responsibility of the developer to zero out and free that memory as soon as it is no longer needed. Each of the string conversion and memory allocation methods has a corresponding method to zero out and free the allocated memory:

Convert Secure String to String

But there is one more thing as a one liner and good as well.

Network Credential Class

String to SecureString

SecureString secure_str = new NetworkCredential(String.Empty, “AkshPass”).SecurePassword;

SecureString to String

String s = new NetworkCredential(String.Empty, secure_str).Password;

Secure String Sample.xaml (5.9 KB)


Type SecureText
Orchastrator Credentials for Using IMAP, SMTP username and password
How can we display the secure string?
Data Encryption In Queue

Thanks Aksh, this really helped!


Thanks a lot… It worked very well.


A question on Secure String:

I get the Windows credential using “Get secure credential” activity and store the password into variable securePasswordStr, Now I want to use it in opening an excel. In Excel Application scope when I put the the variable securePasswordStr in the excel password filed. It gives an error as mismatch between datatype.

Now when I put
New System.Net.NetworkCredential(string.Empty, password).Password
in excel password, it works.

My question is: Why the simple securePasswordStr (which is SecureString) not working in excel password? If some one has to convert it to string which the actual password, doe snot defy the idea of security?