Central Key Management

RPA SaaS Admin module offers centralized key management to system administrator with secure and versatile system. In RPA SaaS Central Key Management, Key and Passphrase combination is used for application credential encryption. By default, this Salt-Passphrase is stored in product database.
As per default security configuration, the permitted settings to form a key and a salt are:

  • Minimum of 32 and maximum of 128 characters
  • Combination of lower case (a-z) alphabets, upper case (A-Z) alphabets and numeric keys (0-9)

 

NOTE: 
  • By default, only Super_Admin has access to Central Key Management page. For more information about role access, see specify role access section.
  • The Global Central Key tab is available only in default tenant setup. The Global central key is used for encrypting the credentials used by all the tenants. For example, SMTP credentials used across all the tenants.
  • Ensure to stop the Trigger and client tools before changing the central key. After performing the changes, you must start the trigger and client tools again.

 

 

Accessing Central Key Management 

Salt and key configured in the Central Key tab are used for credential cryptography for all sign-in applications in default tenant setup and Salt and key configured in the Global Central Key tab are used for credential cryptography for all global credentials. 


Changes made to these screens are global in nature and are to be done post careful planning and considerations as mentioned in the product documentation. . 


To access the central key management:

  1. Launch Central Key Management.

 

The Central Key Management system page is displayed.

 

NOTE: 

To access the Global Central Key system page click Global Central Key tab.

 

  1. In the Salt field, enter the salt value.
  2. In the Passphrase 1 field, enter the passphrase 1 value.
  3. In the Passphrase 2 field, enter the passphrase 2 value. Passphrase 2(Secondary key) is optional.
  4. Click Update to save the combination into the defined store.

    The credentials are updated simultaneously. For security reasons, the existing key is not displayed on the screen. Only, an update operation is permitted. The credentials are updated into the defined store.