Local vault authentication method

Learn how IBM RPA Vault authenticates its requests for credentials when you use the local method.

The following sequence diagram shows how the Bot Agent returns a decrypted credential to the Bot Runtime component.

Figure: Local IBM RPA Vault authentication method (sequence diagram)

  1. The Bot Runtime, the sandbox that runs scripts, requests a credential from the Bot Agent, the IBM RPA local service. The Get Vault Item (getVaultItem) command in your script triggers this event.
  2. The Bot Agent requests access to the local IBM RPA Vault to get the encrypted vault password.
  3. If IBM RPA Vault is not open, IBM RPA Vault prompts you to open it.
  4. Open the IBM RPA Vault by using your vault password.
  5. IBM RPA Vault returns the encrypted vault password and the credential profile identifier to the Bot Agent.
  6. The Bot Agent requests the public and private keys from the IBM RPA server through the API. The request uses HTTPS.
  7. The IBM RPA API returns the public and private keys generated based on the vault password.
  8. The Bot Agent requests the encrypted credential from the IBM RPA server through the API. The request uses HTTPS.
  9. The IBM RPA API returns the encrypted credential.
  10. The Bot Agent uses the private key to decrypt the credential.
  11. The Bot Agent returns the decrypted credential to the Bot Runtime. The decrypted credential is placed in a secure memory location. See Data Encryption for details.
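
The steps above, written as a data-flow table with two checks a reviewer would apply to it. This is an added example, not IBM's code: the component grouping, the asset names, the "Server API" label and the two audit rules are assumptions of the example, and request bodies are left empty because the page does not document them.

```python
from collections import defaultdict

# Components on the robot's machine; everything else is remote (assumed grouping).
LOCAL = {"User", "Bot Runtime", "Bot Agent", "Vault"}
PLAINTEXT = {"vault password", "decrypted credential"}

# (step, sender, receiver, channel, assets carried). Step 10 is a local
# computation inside the Bot Agent, so it has no flow of its own.
FLOWS = [
    (1, "Bot Runtime", "Bot Agent", "local", set()),
    (2, "Bot Agent", "Vault", "local", set()),
    (3, "Vault", "User", "local", set()),
    (4, "User", "Vault", "local", {"vault password"}),
    (5, "Vault", "Bot Agent", "local", {"encrypted vault password", "credential profile id"}),
    (6, "Bot Agent", "Server API", "https", set()),
    (7, "Server API", "Bot Agent", "https", {"public key", "private key"}),
    (8, "Bot Agent", "Server API", "https", set()),
    (9, "Server API", "Bot Agent", "https", {"encrypted credential"}),
    (11, "Bot Agent", "Bot Runtime", "local", {"decrypted credential"}),
]

def crosses_network(sender, receiver):
    # True when exactly one endpoint is on the local machine.
    return (sender in LOCAL) != (receiver in LOCAL)

def received_assets(flows):
    """Map each component to the set of assets delivered to it."""
    seen = defaultdict(set)
    for _, _, receiver, _, assets in flows:
        seen[receiver] |= assets
    return dict(seen)

def network_assets(flows):
    """Every asset that travels between the machine and the server."""
    return set().union(*(a for _, s, r, _, a in flows if crosses_network(s, r)))

def audit(flows):
    """Return (step, problem) pairs for flows that break the two rules."""
    problems = []
    for step, s, r, channel, assets in flows:
        if not crosses_network(s, r):
            continue
        if channel != "https":
            problems.append((step, "network flow without HTTPS"))
        for a in sorted(assets & PLAINTEXT):
            problems.append((step, f"plaintext {a} leaves the machine"))
    return problems

if __name__ == "__main__":
    print(audit(FLOWS), sorted(network_assets(FLOWS)))
```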