Credentials configuration for the tenant

In IBM RPA Control Center, you can configure custom encryption for credentials that you store on your tenant by navigating to Tenants > Tenant Configuration > Credentials. A credential is an item that stores a username and password. You can use credentials on your scripts or to enable IBM RPA to unlock the host when trying to start a software bot.

You can configure custom encryption for details by providing the IBM RPA server a public key and a private key. The server uses the public key to encrypt credentials and the private key to decrypt them. All machines that should run scripts must have access to the private key.

Starting from version 21.0.2, you can protect your private keys with a password. Note that the IBM RPA server and consequent clients must be on version 21.0.2 or higher to use this feature.

Before you begin

⚠ Attention:

  • The changes take effect after you save the configuration, encrypting all the credentials on the tenant with the new public key. This procedure can cause disruption if you have computers that use credentials and if they don't have access to the private key.
  • If the tenant already had a previous public and private key configured, changing the keys breaks all the credentials already configured on the tenant. In this case, you would need to reconfigure all the credentials manually. After you change the credentials, the old private key is unable to decrypt credentials encrypted with the new public key, so you must replace the private key in every computer that uses it as well.
  • After you change the public key, the server does not keep the previous one to revert back to its original state. If you want to use the previous public and private key pair, you must upload the public key again and reconfigure the credentials again.
  • The public and private keys work together. Don't change only one of the keys.

Requirements:

  • You need to generate a public key and a private key. For guidance on how to generate public and private key files or certificates, see Generating keys.
  • If you want install a certificate in the Windows™ Certificate Store, see Installing a private key in the Certificate Store.
  • If you are protecting your private key with a password, consider the following requirements:
    • The private key password must comply with IBM Password Policy. See IBM RPA Control Center user authentication for more information on the policy.
    • Both the IBM RPA server and the clients must be on IBM RPA version 21.0.2 or higher.

Procedure to add a public and private key to the IBM RPA server

Uploading the public key file

  1. Go to Tenants > Tenant configuration > Credentials.
  2. Click Upload file. A window prompts you to select the file.

Setting up the private key file or certificate

Note:It is strongly recommended to use at least 2048-byte private/public keys to enhance the security of the encryption methods.
  1. Select the file type of the private key in the File Type field.
    1. If you selected Pem, PKCS#12 or XML:
      1. Enter the local path to the private key in the File Path field.
      2. Optional: If you selected Pem or PKCS#12, you can configure a password in the New Password field.
    2. If you selected Certificate:
      1. Select the search method to find the certificate in the Search Type field.
      2. Type the value that the search must match in the Search Text field.
  2. Click Save Configuration.