My Development team and I are currently reviewing security considerations around our workflows, and one of the potential issues we have raised is the accessibility of passwords from the Windows Credential Vault using UiPath.
Currently, while UiPath ‘Get Credentials’ can return a password as a ‘SecureString’ from the Vault, this can be converted to ‘String’ with an ‘assign’ activity and some code provided by UiPath in a previous forum post. The password is then easily visible and can be written to console/logs etc.
There also does not seem to be the option to maintain the password as ‘SecureString’ for all purposes, if the conversion from SecureString to String was somehow blocked/prevented. While there is a ‘Type SecureString’ activity, passwords in ‘SecureString’ format cannot be inputted in an Excel Application Scope.
Do the UiPath team have any advice/best practice on how to maintain the security of passwords when ‘Getting’ them from the Windows Vault?
Is there a long-term strategy for use of credentials and relevant activities/code within workflows that will maintain the security of passwords when they are inputted into a workflow? Specifically, is the conversion from SecureString to String going to be a permanent capability in UiPath Studio, or a temporary measure before something more secure is implemented?
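
The SecureString-to-String conversion discussed in this post, shown as an added example (not part of the original post and not UiPath's code) next to a scoped alternative that zeroes its plaintext copy after use. The `NetworkCredential` conversion is a standard .NET call assumed here, since the post does not quote the code it refers to; `WithPlaintext` and the sample secret are hypothetical names and constructed values.

```csharp
using System;
using System.Net;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Hypothetical helper: copies the secret into a char[] that can be zeroed,
    // instead of an immutable System.String that stays in managed memory
    // until the garbage collector reclaims it.
    static void WithPlaintext(SecureString secret, Action<char[]> use)
    {
        IntPtr ptr = IntPtr.Zero;
        char[] buffer = new char[secret.Length];
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(secret);
            Marshal.Copy(ptr, buffer, 0, buffer.Length);
            use(buffer);
        }
        finally
        {
            // Wipe both plaintext copies even if the callback throws.
            Array.Clear(buffer, 0, buffer.Length);
            if (ptr != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(ptr);
        }
    }

    static void Main()
    {
        using (var secret = new SecureString())
        {
            // Constructed sample value standing in for a vault password.
            foreach (char c in "constructed-sample") secret.AppendChar(c);
            secret.MakeReadOnly();

            // Any code holding the SecureString reference can do this; the
            // resulting String cannot be wiped and can reach logs or console.
            string plain = new NetworkCredential(string.Empty, secret).Password;
            Console.WriteLine("String copy length: " + plain.Length);

            // Scoped use: plaintext exists only for the callback's duration.
            WithPlaintext(secret, chars =>
                Console.WriteLine("Scoped copy length: " + chars.Length));
        }
    }
}
```

Both calls print only the length of the secret. An activity that accepts only a String password still needs the first form, so the practical control there is keeping that String out of logged variables and limiting its scope.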