Where can I find Database Credential for Orchestrator

Help Orchestrator
,
1

Hi Guys,

Where can I find the DB credentials for the Orchestrator (2023.10.4)?, I need to update it.

Thanks,
Dev

2

Method 1: Web.Config → C:\Program Files (x86)\UiPath\Orchestrator
Method 2: IIS

On the Orchestrator site in IIS, click on the “Connection String” button.
Edit the appropriate connection string as desired from the GUI.

3

C:\Program Files (x86)\UiPath is not available, and I do not have access to IIS Manager.

Is there an alternative location for the web.config file?

4

Go to Orchestrator UI → Tenant → Manage Access → find the impacted robot → Edit → Unattended setup → update the Domain\Username and Windows Password → Update or Save the change

Database manipulation approach with PowerShell scripts

Check in the Orchestrator database you can find the [dbo].[RobotCredentials] table.

Note: I tested in my Orchestrator 22.10.10 this password decode for an Orchestrator database storage credential storage (I think something similar needs to be present in 23.10.x):

Use the below SQL query to get the value for the [PasswordKey] column for your robot user.

SELECT * FROM [UiPath].[dbo].[RobotCredentials]
WHERE [UserName] = ‘mydomain\mydummy_user’;

In the Orchestrator server access C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json file and get the value for EncryptionKey in the EncryptionSettings key.

This is a screenshot of Notepad++ with multiple open files, displaying the content of the "appsettings.Production.json" file, which includes an encryption key. (Captioned by AI)
This is a screenshot of Notepad++ with multiple open files, displaying the content of the "appsettings.Production.json" file, which includes an encryption key. (Captioned by AI)799×182 14.9 KB

PowerShell password decode code:

# Add-Type -TypeDefinition $encryptor
$aesManaged = New-Object "System.Security.Cryptography.AesManaged"
$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC
$aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
$aesManaged.BlockSize = 128
$aesManaged.KeySize = 256

$base64EncryptedString = "caguzqe7ShQztjbk4j4fq0xUsELg3F4O3S5MK7UqogWb/zfmwTGJRviHtKOaiWWV"
$base64KeyString = "yrSwGLd7sN0nkoV9IJaGqopMIszEcoFHWOwc4gNeYH0="

$encryptedWithIvBytes = [Convert]::FromBase64String($base64EncryptedString)

$iv = New-Object Byte[] 16  
$encryptedBytes = New-Object Byte[] ($encryptedWithIvBytes.Length - 16)  

[System.Array]::Copy($encryptedWithIvBytes, 0, $iv, 0, 16)
[System.Array]::Copy($encryptedWithIvBytes, 16, $encryptedBytes, 0, $encryptedBytes.Length)

$decryptor = $aesManaged.CreateDecryptor($key, $iv)
$unencryptedData = $decryptor.TransformFinalBlock($encryptedBytes, 0, $encryptedBytes.Length)
$unencryptedString = [Text.Encoding]::UTF8.GetString($unencryptedData)
Write-Output $unencryptedString

The image shows a split-screen setup with SQL Server Management Studio, a text editor with JSON configuration, and a PowerShell script, highlighting code references across the different windows. (Captioned by AI)
The image shows a split-screen setup with SQL Server Management Studio, a text editor with JSON configuration, and a PowerShell script, highlighting code references across the different windows. (Captioned by AI)3440×1006 298 KB

After checking the above I was able to decode the encoded caguzqe7ShQztjbk4j4fq0xUsELg3F4O3S5MK7UqogWb/zfmwTGJRviHtKOaiWWV password into the initial password string value MyDummyP@assword1234!

To encode the plain robot user password, you may try to use this PowerShell sample code:

# Add-Type -TypeDefinition $encryptor
$aesManaged = New-Object "System.Security.Cryptography.AesManaged"
$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC
$aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
$aesManaged.BlockSize = 128
$aesManaged.KeySize = 256

$plaintext = "MyDummyP@assword1234!"
$base64KeyString = "yrSwGLd7sN0nkoV9IJaGqopMIszEcoFHWOwc4gNeYH0="

$key = [Convert]::FromBase64String($base64KeyString)
$bytesToBeEncrypted = [System.Text.Encoding]::UTF8.GetBytes($plaintext)

$iv = New-Object Byte[] 16
$random = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$random.GetBytes($iv)

$encryptor = $aesManaged.CreateEncryptor($key, $iv)
$encryptedData = $encryptor.TransformFinalBlock($bytesToBeEncrypted, 0, $bytesToBeEncrypted.Length)

$encryptedBytes = New-Object Byte[] ($iv.Length + $encryptedData.Length) 
[System.Array]::Copy($iv, 0, $encryptedBytes, 0, $iv.Length)
[System.Array]::Copy($encryptedData, 0, $encryptedBytes, $iv.Length, $encryptedData.Length)

$encryptedWithIvBytesBase64 = [Convert]::ToBase64String($encryptedBytes)
$encryptor.Dispose()

Write-Output $encryptedWithIvBytesBase64

Example of generation:

image

After getting this encoded password, you can perform an update for the [UiPath].[dbo].[RobotCredentials] table for the [PasswordKey] column.

Example:

UPDATE [UiPath].[dbo].[RobotCredentials]
SET [PasswordKey] = 'Bwys6+mCsBlkMCqbwJeDMuYmBSKh4mdRwsivf7CR//+joZG7S54ybSQ6eqR+8H8s' 
WHERE [UserName] = 'mydomain\mydummy_user';

However, we are not recommending this database manipulation approach. Better use the Orchestrator UI or RestAPI call to perform these.

5

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.