1.How does the credential stored in orchestrator securely stored in the database? With what encryption?
2.How does the password securely transmitted when using get credential and set credential activities?
3.How does the type secure text activity able to type ciphertext,has the password been decrypted?
Due to the company’s security regulations, I need to know the principle or relevant information of the above question.
Credentials stored in the UiPath Orchestrator are encrypted using AES (Advanced Encryption Standard) with a 256-bit key.
AES-256 is a widely recognized encryption standard that provides a high level of security.
The encryption keys are managed securely and are not directly accessible.
Secure Transmission of Passwords:
When using the Get Credential and Set Credential activities, passwords are transmitted securely over HTTPS (HTTP Secure) using TLS (Transport Layer Security).
HTTPS ensures that the data is encrypted during transmission, protecting it from interception and tampering by third parties.
Type Secure Text Activity:
The Type Secure Text activity in UiPath is designed to handle secure strings (encrypted text).
When a secure string is used in this activity, it is decrypted in memory just before it is typed into the target application.
This ensures that the password remains secure until the moment it needs to be used, and it is not exposed in logs or in any other part of the workflow.
hi @pravallikapaluri ,thank you for your answer,there is one point I would like to consult in detail. About Credential Storage in [Orchestrator]:
How can I prove that the storage of credentials is secure, where is the encryption key stored, and if the encryption key is exposed, can anyone decrypt it?
Is there any documentation that proves that credentials are stored securely and cannot be decrypted?