orchestrator
2023.4
false
UiPath logo, featuring letters U and I in white
Orchestrator Installation Guide
Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Oct 3, 2024

Encrypting UiPath.Orchestrator.dll.config Sections

The UiPath.Orchestrator.dll.config file contains sensitive information one may want to secure. It is possible to encrypt sections in this file with the UiPath.Orchestrator.Cli.exe tool with the protected-configuration command.
Note: Once encrypted, the data cannot be changed by directly editing the UiPath.Orchestrator.dll.config file. It must be decrypted and then re-encrypted.

UiPath.Orchestrator.Cli.exe

UiPath.Orchestrator.Cli.exe is a CLI tool wrapped over aspnet_regiis.exe. The tool accepts all arguments passed to aspnet_regiis.exe and adds missing .NET Core functionality. It can be found in Orchestrator's root installation directory.
Here's an overview of the main operations performed by the UiPath.Orchestrator.Cli.exe tool.
  1. Renames web.config to web.config.copy and UiPath.Orchestrator.dll.config to web.config.
  2. Prepares web.config for aspnet_regiis.exe invocation.
  3. aspnet_regiis.exe is invoked in another process with the arguments passed to the console app.
  4. Prepares web.config after aspnet_regiis.exe has been invoked.
  5. Renames web.config to UiPath.Orchestrator.dll.config and web.config.copy to web.config.
Important: If at any point during the migration an exception is thrown or the process that invokes aspnet_regiis.exe returns an exit code different than 0, the attempt is aborted, and both files are restored to their initial value.

Using UiPath.Orchestrator.Cli.exe

The EncryptionKey in the secureAppSettings section of UiPath.Orchestrator.dll.config is used to encrypt/decrypt passwords for credential assets and Robot credentials without the need for an additional tool. It is automatically generated when you first install Orchestrator.
This section can also be encrypted using the Using UiPath.Orchestrator.Cli.exe tool with the protected-configuration command, to ensure that nobody can use the key to decrypt the information you store in Orchestrator.

Parameters

Parameter

Description

-pe

Indicates the configuration section to be encrypted.

-site

Represents the virtual path's site specified as the value of the -app argument. Change the value of this argument ("UiPath Orchestrator") if your instance’s name is different. If this is not specified, the default website name is used.

-app

Encrypt at this virtual path. It must begin with a forward slash. If the value is just '/', then it points to the root of the site.

-prov

The library used to encrypt the secureAppSettings. The only supported value is "RsaProtectedConfigurationProvider".
For more information about the Aspnet_regiis.exe tool, read the official Microsoft documentation.

Encryption

To encrypt the aforementioned section of the UiPath.Orchestrator.dll.config file, perform the following steps AFTER installing Orchestrator:
  1. Open an elevated Command Prompt.
  2. Run the following command.
    cd “C:\Program Files (x86)\UiPath\Orchestrator\Tools\Cli” .\UiPath.Orchestrator.Cli.exe protected-configuration -pe "secureAppSettings" -site "UiPath Orchestrator" -app "/" -prov "RsaProtectedConfigurationProvider"cd “C:\Program Files (x86)\UiPath\Orchestrator\Tools\Cli” .\UiPath.Orchestrator.Cli.exe protected-configuration -pe "secureAppSettings" -site "UiPath Orchestrator" -app "/" -prov "RsaProtectedConfigurationProvider"
    Note: Orchestrator's default installation folder is C:\Program Files (x86)\UiPath\Orchestrator.
The XmlEncAES256Url algorithm is used for encrypting the RsaProtectedConfigurationProvider section. To this end, useFIPS is set to true and the following section is added in UiPath.Orchestrator.dll.config.
<code><add keyContainerName="NetFrameworkConfigurationKey" cspProviderName=""
        useMachineContainer="true" useFIPS="true" useOAEP="false" description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
        name="RsaProtectedConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /></code><code><add keyContainerName="NetFrameworkConfigurationKey" cspProviderName=""
        useMachineContainer="true" useFIPS="true" useOAEP="false" description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
        name="RsaProtectedConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /></code>

Decryption

  1. Open an elevated Command Prompt.
  2. Run the following command.
    cd “C:\Program Files (x86)\UiPath\Orchestrator\Tools\Cli”
     .\UiPath.Orchestrator.Cli.exe protected-configuration -pd "secureAppSettings" -site "UiPath Orchestrator" -app "/"cd “C:\Program Files (x86)\UiPath\Orchestrator\Tools\Cli”
     .\UiPath.Orchestrator.Cli.exe protected-configuration -pd "secureAppSettings" -site "UiPath Orchestrator" -app "/"
    Note:
    • Orchestrator's default installation folder is C:\Program Files (x86)\UiPath\Orchestrator.
    • Before an upgrade, all encrypted sections must be decrypted. Any configuration section can also be decrypted.
  • UiPath.Orchestrator.Cli.exe
  • Using UiPath.Orchestrator.Cli.exe
  • Parameters
  • Encryption
  • Decryption

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.