orchestrator
2022.10
false
- Getting Started
- Requirements
- Best Practices
- Installation
- Updating
- Identity Server
- Hardware and Software Requirements
- Prerequisites for Installation
- Installation
- Encrypting AppSettings.Production.json
- Maintenance Considerations
- Troubleshooting startup errors
Encrypting AppSettings.Production.json
Orchestrator Installation Guide
Last updated Dec 9, 2024
Encrypting AppSettings.Production.json
Learn about encrypting AppSettings.Production.json.
Identity Server, Webhooks, and Resource Catalog Service
AppSettings.Production.json
files contain sensitive information one may want to secure. It is possible to encrypt/decrypt these files using the UiPath.ConfigProtector.exe
tool.
Note: Once encrypted, the data cannot be changed by directly editing the
AppSettings.Production.json
file. It must be decrypted and then re-encrypted.
UiPath.ConfigProtector.exe
is located in Orchestrator's installation directory. Its full path is: C:\Program Files (x86)\UiPath\Orchestrator\Tools\ConfigProtector
.
Parameter |
Description |
---|---|
|
Encrypts the
AppSettings.Production.json file.
|
|
Decrypts the
AppSettings.Production.json file.
|
-f / --configfile |
Indicates the file name and path of
AppSettings.Production.json .
|
-o / --output |
The encrypted/decrypted file is saved to a new file instead of overwriting the existing one. |
|
Displays information about the available commands. |
|
Displays version information. |
|
Allows you to add a configuration section of your choice to the tool's settings. This command uses the dot notation. Example:
configprotector.exe --pe -f appsettings.Production.json --signing-settings Other.Path.Of.SigningCredentialSettings |
--keys / k |
Allows you to encrypt/decrypt keys that are not hardcoded. This parameter need to be followed by a list of comma separated keys. Example:
configprotector.exe --pe -f appsettings.Production.json --keys Path.To.Key1,Path.To.Key2 Note: This should only be used in rare cases, and for keys that support encryption (which are mostly connection strings). An example
of this is adding a new ledger subscriber with a new connection string, where you want to encrypt the new key without having
to first decrypt the whole configuration, and encrypt it afterwards. The default paths that the tool already encrypts should
suffice.
|
Encryption
To encrypt
AppSettings.Production.json
, perform the following steps AFTER installing Orchestrator:
Decryption
Before you encrypt the Webhooks
appsettings.Production.json
, apply the following steps:
- Open the certificate console.
- Navigate to Personal, then to Certificates, and right-click the certificate you want to use.
- Next, select All Tasks, and then Manage Private Keys.
- Add the IIS_IUSRS group and the application pool user.
Note:
- Make sure to set the server as
Location
. - IIS_IUSRS is a local group. You should search it under local machine, not under domain.
In addition, you must add the signing certificate settings. If you want to use the same certificate, copy the
SigningCredentialSettings
section from the Identity Server appsettings.Production.json
file.
"AppSettings": {
"SigningCredentialSettings": {
"StoreLocation": {
"Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
"Location": "LocalMachine",
"NameType": "Thumbprint"
}
}
}
"AppSettings": {
"SigningCredentialSettings": {
"StoreLocation": {
"Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
"Location": "LocalMachine",
"NameType": "Thumbprint"
}
}
}
Name
represents the Thumbprint of your certificate.- We do not recommend using other values for
Location
andNameType
.
Encryption
Decryption
Prior to encrypting the Resource Catalog Service
appsettings.Production.json
, you need to add the signing certificate settings. You can copy the SigningCredentialSettings
section from the Identity Server appsettings.Production.json
file if you want to use the same certificate.
"AppSettings": {
"SigningCredentialSettings": {
"StoreLocation": {
"Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
"Location": "LocalMachine",
"NameType": "Thumbprint"
}
}
}
"AppSettings": {
"SigningCredentialSettings": {
"StoreLocation": {
"Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
"Location": "LocalMachine",
"NameType": "Thumbprint"
}
}
}
Name
represents the Thumbprint of your certificate.- We do not recommend using other values for
Location
andNameType
.