Vault Management Automation

The Vault Management activities work with the vault service to provide the credentials during the execution of the automation task. These activities are also used to assign a unique vault variable to each key you want to reference in the bot automation steps.

The following sections provides more information about vault manager, service, and activities.

About Vault Service

You can use the vault service to store and manage user credentials or other confidential information securely. RPA bots that need user credentials on an on-demand basis to perform an automation task can securely retrieve the appropriate credential from the vault storage.

The vault service also uses encryption to protect the credentials stored in the vault service server.

When you use the vault service, you do not need to store any credentials in a bot. Only the credential reference is present in the bot code and not the actual credential. This creates a logical separation of credentials from the bot and helps you to create a secure business process automation project.

Vault Service Basic Concepts

Here are some of the essential terms used in vault service:

Terms

Description

Vault Manager

You can use the Vault Manager dialog to securely and safely store vault keys and values. It is the vault service client that a bot designer can access both from the ASG-Studio user interface.

The following task can be performed in the Vault Manager:

  • Create a new vault key and assign values to it.
  • Edit or delete existing vault keys or values.
  • Search a vault key.

Vault Service Server

It is the only component in the vault service architecture that communicates with the data storage.

Vault Key

The key is a unique identifier (a numeric or alphanumeric string) that is associated with a single value (for example, a specific user password) within the vault service.

Vault Value

It is the actual Personally Identifiable Information (PII) and other confidential data that you securely store using the vault service.

Vault Variable

The vault variable is a symbolic name associated with a specific vault key, and whose associated vault key can be changed. It helps you to make the bot code independent of the referenced vault keys.

 

When bots from multiple machines are imported into ASG Zenith Portal for execution, the code of two different bots might contain the same key, which is keys having the same name. Vault storage having the same keys can create conflict when the automation task is executed. Vault variables help you to resolve this issue.

Vault Service Connection When Designing Bot

In ASG-Studio, you can access the vault service client using the Vault Manager dialog from the general toolbar. The Vault Manager dialog enables you to create, view, edit, and delete vault keys and its values. Note that in ASG-Studio, the vault service server to store the confidential information resides on the same machine on which ASG-Studio is setup, that is, data is stored locally. If you are moving the bot from the machine where ASG-Studio is setup to another, no changes are required in the bot, and you just configure the vault service and keys in the new machine.

After you have added vault keys, the data is available for use as a variable for values in a bot. You can add vault variables to a bot using the Vault Management activities from the ASG-Studio visual designer.

Vault Encryption

AES (Advanced Encryption System) 128-bit encryption is used to secure store sensitive data.

Credential Provisioning to a Bot

When you run a bot in ASG-Studio credentials are provisioned to the bot only when running the automation task.

During the execution of the bot, ASG Bot Engine securely connects to the vault services over the HTTPS protocol to fetch the encrypted credentials from the server. After the execution is completed, the actual credentials are automatically removed from the memory. The bot execution log messages also do not show the actual credentials that were used during the execution.

Use Vault Service To Store Data

You can use vault service to store Personally Identifiable Information (PII) and other confidential information are encrypted and stored in the vault storage. Personally Identifiable Information (PII) is any information that can be potentially used to identify a specific individual, for example, login credentials, email addresses, social security numbers, driver’s license numbers, and others.

Additionally, specific configuration related to sensitive information such as OCR configuration credentials, are also automatically stored in the vault.

In addition to providing encrypted storage and easy management of confidential information, the following are the advantages of storing such information using vault service:

  • Segregation of actual user credential and bot code. Only credential reference is provided in the bot code.
  • Reduce the risk of attacks that compromise confidential information.
  • Protect and secure confidential information from loss, theft, or unauthorized sharing.
  • Provide a secure environment for performing the automation task.
  • Support legal, process, and confidential information management obligations.
  • Help in increased automation of business processes using confidential and sensitive information.

Manage Vault Keys and Values in Vault Manager

You can access the Vault Manager from the toolbar to manage the vault keys and its values.

Perform the following steps:

  1. Launch ASG-Studio and click the Vault Manager icon on the toolbar.

  2. In the Vault Manager dialog do the following:
    1. Click the plus (+) icon and then specify values or text in the following fields:
      1. Key: Type a name for the new key to which you want to assign a vault value.
      2. Value: Specify the credential or Personally Identifiable Information (PII) you want to store in the vault.
    2. Click Save. You can add multiple keys to the Vault Manager.
When you open the Vault Manager dialog, you might sometimes find that the vault service offline message is displayed. To work around this issue, start the vault service from the ASG Studio Manager.

Edit Vault Keys

Perform the following steps:

  1. Click the the Vault Manager icon on the toolbar.
  2. Select a key and click the pencil icon and edit the key and its values.
  3. Click Save for each key you have modified and then close the Vault Manager dialog.

Vault Management Activites

You can use the following activities to reference vault keys and variables in the bot code:

Get Vault Data

Enables you to reference the vault keys that are already available in the vault manager. You must also associate unique variables with the vault keys using this action.

Properties

Default

  • Name: Enter the display name of the action.

Key Specific

  • +Add Button: Add single or multiple keys to the RPA model.
  • Key: Specify a key. You can also select a key from the suggestion list that is displayed when you type the string for the key.
  • Variable: Specify a unique variable for the key you have selected.