'Send SMTP Mail Message' Password - SecureString




The UiPath activity ’Send SMTP Mail Message’ needs a password in the properties pane for it to work. This password just needs to be a String but this is not a good solution as the password then will be exposed. I would like to request that it is changed so that it should be a SecureString.


Password field in MailMessages activities are not secure string

We have in mind this idea: all the activities that requires a password (email, terminals, office, etc) should accept a secureString as parameter.

However, it takes time so we do not look at it as having high priority.

Till then the solution is to convert the secureString to a String:



Thank you for your answer. Our security department is not happy about it so I would personally think it should be high priority :slight_smile: But thank you for the workaround!


@badita Do we know when do we have this planned? I have been asked this question a lot lately


We’re thinking about it.

Now, how would you see a possible implementation taking into account that:

  • You can anyway get the password out of a secure string
  • you may need to type password in different apps…therefore you can type it in notepad

Isn’t this enough?


I agree. But if we put it as a secure string, we can at least have the SMTP password stored in Assets under credentials and not visible as plain text. I am aware of the case where they could type into a notepad exposing the password. But in that case, the code reviewers have to ensure that the password is typed in the correct region. It makes a lot of clients uncomfortable seeing the passwords being visible as plain text. In my opinion it would be better to have something(secure string for the moment) rather than nothing


Till now this problem is unsolved or solved ?


Hello, I would also like to see a solution to this problem.


is there any solution?


I would say that this should be high priority. It’s hard to explain to clients how UiPath takes security seriously when the passwords are stored in plain text.