Configuring the System Vault

You must configure public and private keys in the IBM RPA Control Center to use credentials in the System Vault.

Before you begin

  • See Planning for using the IBM RPA Vault for considerations and differences between the User and System Vaults.
  • See Generating keys for more information about how to generate the public-private key pair.
  • See Installing a private key in the Certificate Store for more information about how to install the private key in the Windows Certificate Store.
  • The machine must be certified to the correct tenant. Navigate to the License page (https://localhost:8099/web/en-US/license) to verify the tenant assigned to the certificate.
Important:Starting from version 23.0.3, the License page (https://localhost:8099/web/en-US/license) isn't available anymore because of the removal of License ID and License password and implementation of installation keys. For details on proxy, region, or status, go to the IBM RPA Client page (https://localhost:8099/web/en-US/ibmrpaclient) instead.

Procedure for configuring the keys

Follow these steps to configure the public and private key of the System Vault:

  1. Login to the tenant where you will configure your keys by using the IBM RPA Control Center.
  2. In the side menu, go to Tenants.
  3. Go to the Tenant Configuration tab.
  4. Click the Credentials option.
  5. Select the public key for the Public Key panel.
  6. Select the file type in the Private Key panel and insert the data to locate the file.

Important icon Important:

  • If the File Path field is provided, this path must be the absolute file path.
  • If the private key is shared on various machines, store it in a directory that is common and static to all machines. Do not use file paths that vary across machines.
  • If you select the certificate as a File Type, the System Vault looks for certificates installed in the Certificate Store. Enter certificate details such as Serial number or Subject Key Identifier in the Search Text field.
Attention:Make sure to configure the system vault before adding credentials to the tenant. When the system vault is updated with a new key, all existing credentials need to be reconfigured.

Procedure for configuring credentials

Bots can use credentials during runtime or to unlock a machine.

Remember:If the user does not configure the tenant with public and private keys, credentials are encrypted using the default system encryption. Keep in mind that the user can still use credentials regardless.

Follow these steps to configure credentials:

Requirement The tenant user must have permission to manage credentials. Tenant administrator and Business roles have this permission. To learn more about roles, see Default roles.

  1. Login to the tenant where you will configure your keys by using the IBM RPA Control Center.
  2. In the left side menu, click Credentials.
  3. Go to the Credentials tab.
  4. Choose the desired action:
    • To create a new credential: click New Credential.
    • To edit an existing credential: click the vertical ellipsis button ⋮ > Edit.
  5. Complete the required fields:
    • In Name, insert the credential's reference name.
    • In Username, insert the user name to be stored in the credential. The user name can be any relevant name, and it can contain domains.
    • In Password, insert the password to be stored in the credential.