UiPath.Credentials.Activities.GetCredential activity output is String type which is unsecure

security
credentials

#1

Hi,

In the latest UiPath (2016.2.6204), I see there are two GetCredential activities available for retrieving the credentials from Windows Credential Manager. The password retrieved using the activity UiPath.Credentials.Activities.GetCredential is returning the output as type String. This is unsafe as the password retrieved will be displayed as plain text if the developer accidentally uses the WriteLine or LogMessage to display the password variable. However I see the other activity UiPath.Core.Activities.GetRobotCredential is returning the output as type SecureString. But the UiPath.Core.Activities.GetRobotCredential can be used only with Orchestrator and cannot be used with individual back office robots.

Can you please change the output of UiPath.Credentials.Activities.GetCredential as well to type SecureString (or create a new activity). This will help in using this feature securely with individual back office robots (without Orchestrator). We really appreciate if you can provide a patch for this ASAP as our implementation is moving into production in next 3 weeks.

Thanks
Venkatesh


#2

This is actually a good one ISMS has been chasing me for this for ever, what I did is use runtime license and have someone logging into applications, odd for automation, but for God sake I cannot go other way. :slight_smile:


#3

@ssvenkyy @beesheep

You could build the activity yourselves.
Use this package as a start: https://www.nuget.org/packages/CredentialManagement/
And the Credential class from it - it can return a String or SecureString, it’s just that current UiPath implementation used just String.

Although the request itself is sound and it could be included possibly.
I’ll move it to Ideas section, as it’s an addition request.

Regards.


Get password and SecureString
#4

Sorry man, I tried to see what to do with the nupackage and when I add the source to uipath, it throws me an excel activity (pretty cool activity actually check it here) that I already have installed.

then I tried to change the extension to see if I can see the code from .nupckg to .zip but don’t know where to go from there (I also reivew the package with VB).

I know that in order to add a custom activity you should add the word “activities” to your custom activity I tried to do that but nothing…

I read about nupackages but don’t know how to achieve what you are suggesting. can you kindly shed more light on this, thank you and sorry to bother you this much.

Edit I already installed but is not showing on the activities, it was a typo… my mistake.

regards.