orchestrator
2024.10
true
- Getting Started
- Requirements
- Best Practices
- Installation
- Updating
- Identity Server
- Hardware and Software Requirements
- Prerequisites for Installation
- Installation
- Encrypting AppSettings.Production.json
- Maintenance Considerations
- High Availability Add-on
- Troubleshooting startup errors
Orchestrator Installation Guide
Last updated Oct 21, 2024
Encrypting AppSettings.Production.json
Learn about encrypting AppSettings.Production.json.
Identity Server, Webhooks, and Resource Catalog Service
AppSettings.Production.json files contain sensitive information one may want to secure. It is possible to encrypt/decrypt these files using the UiPath.ConfigProtector.exe tool.
Note: Once encrypted, the data cannot be changed by directly editing the
AppSettings.Production.json file. It must be decrypted and then re-encrypted.
UiPath.ConfigProtector.exe is located in Orchestrator's installation directory. Its full path is: C:\Program Files (x86)\UiPath\Orchestrator\Tools\ConfigProtector.
|
Parameter |
Description |
|---|---|
|
|
Encrypts the
AppSettings.Production.json file.
|
|
|
Decrypts the
AppSettings.Production.json file.
|
-f / --configfile |
Indicates the file name and path of
AppSettings.Production.json.
|
-o / --output |
The encrypted/decrypted file is saved to a new file instead of overwriting the existing one. |
|
|
Displays information about the available commands. |
|
|
Displays version information. |
|
|
Allows you to add a configuration section of your choice to the tool's settings. This command uses the dot notation. Example:
configprotector.exe --pe -f appsettings.Production.json --signing-settings Other.Path.Of.SigningCredentialSettings |
--keys / k |
Allows you to encrypt/decrypt keys that are not hardcoded. This parameter need to be followed by a list of comma separated keys. Example:
configprotector.exe --pe -f appsettings.Production.json --keys Path.To.Key1,Path.To.Key2Note: This should only be used in rare cases, and for keys that support encryption (which are mostly connection strings). An example
of this is adding a new ledger subscriber with a new connection string, where you want to encrypt the new key without having
to first decrypt the whole configuration, and encrypt it afterwards. The default paths that the tool already encrypts should
suffice.
|
Encryption
To encrypt
AppSettings.Production.json, perform the following steps AFTER installing Orchestrator:
Decryption
Prior to encrypting Webhook’s
appsettings.Production.json, you need to add the signing certificate settings. You can copy the SigningCredentialSettings section from the Identity Server appsettings.Production.json file if you want to use the same certificate.
"AppSettings": {
"SigningCredentialSettings": {
"StoreLocation": {
"Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
"Location": "LocalMachine",
"NameType": "Thumbprint"
}
}
}"AppSettings": {
"SigningCredentialSettings": {
"StoreLocation": {
"Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
"Location": "LocalMachine",
"NameType": "Thumbprint"
}
}
}Namerepresents the Thumbprint of your certificate.- We do not recommend using other values for
LocationandNameType.
Encryption
Decryption
Prior to encrypting the Resource Catalog Service
appsettings.Production.json, you need to add the signing certificate settings. You can copy the SigningCredentialSettings section from the Identity Server appsettings.Production.json file if you want to use the same certificate.
"SigningCredentialSettings": {
"StoreLocation": {
"Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
"Location": "LocalMachine",
"NameType": "Thumbprint"
}
}"SigningCredentialSettings": {
"StoreLocation": {
"Name": "66B6B5A95BD055C8A264E643F9F8B26C7BEAA841",
"Location": "LocalMachine",
"NameType": "Thumbprint"
}
}Namerepresents the Thumbprint of your certificate.- We do not recommend using other values for
LocationandNameType.
