What is the IBM RPA Vault?

This section introduces concepts and definitions about the IBM RPA Vault.

The IBM RPA Vault is a tool from IBM Robotic Process Automation used to store encrypted credentials. A credential is sensitive data used during an automated task, such as the user name and password for a login process.

These credentials are encrypted using an asymmetric encryption method with a public and private key pair, which keeps stored credentials from being exposed. No user can decrypt a credential without the private key.

IBM RPA Vault modes

The IBM RPA Vault has two distinct modes, system vault and user vault, which can be used simultaneously.

System Vault

The system vault is recommended for unattended automation, where the process runs in the background and needs a credential to access a specific system.

The credentials are registered in the IBM RPA Control Center. These credentials are stored in the tenant's repository after being encrypted using the public key.

The private key must be located on the machine where the bot will run. This key is used to decrypt credentials.

User Vault

The user vault, on the other hand, is recommended for attended automation, where the bot needs human interaction to perform its task. Thus, when a credential is needed, the bot will prompt the user for the IBM RPA Vault's master password to access its credentials.

The user vault does not use the public and private key pair configured in the IBM RPA Control Center. Instead, it encrypts data using a combination of encryption algorithms together with the master password. The credentials are configured locally.