Local vault authentication method
Learn how IBM RPA Vault authenticates its requests for credentials when you use the local method.
The following sequence diagram shows how the Bot Agent returns a decrypted credential to the Bot Runtime component.
- The Bot Runtime, the sandbox that runs scripts, requests a credential from the Bot Agent, the IBM RPA local service. The Get Vault Item (getVaultItem) command in your script triggers this event.
- The Bot Agent requests access to the local IBM RPA Vault to get the encrypted vault password.
- If IBM RPA Vault is not open, IBM RPA Vault prompts you to open it.
- Open the IBM RPA Vault by using your vault password.
- IBM RPA Vault returns the encrypted vault password and the credential profile identifier to the Bot Agent.
- The Bot Agent requests the public and private keys from the IBM RPA server through the API. The request uses HTTPS.
- The IBM RPA API returns the public and private keys, which are generated based on the vault password.
- The Bot Agent requests the encrypted credential from the IBM RPA server through the API. The request uses HTTPS.
- The IBM RPA API returns the encrypted credential.
- The Bot Agent uses the private key to decrypt the credential.
- The Bot Agent returns the decrypted credential to the Bot Runtime. The decrypted credential is placed in a secure memory location. See Data Encryption for details.