process-mining
2021.10
true
Process Mining
Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Sep 2, 2024

Setting up an Azure Key Vault Credential store

Introduction

Azure Key Vault provides encryption for passwords, which makes it a safe and secure location to store passwords for UiPath Process Mining.

Important: An Azure environment must be available for Azure Key Vault.

To set up an Azure Key Vault the following actions must be performed:

  1. Create a Key Vault;
  2. Generate a certificate;
  3. App registration for UiPath Process Mining;
  4. Set the correct permission for the Key Vault;
  5. Enable the Credential Store in UiPath Process Mining.

Step 1: Create a Key Vault

Follow these steps to create a Key Vault.

Step

Action

1

Go to the Azure Portal (https://portal.azure.com).

2

Click on Create a resource.

3

Search for Key Vault and click on Create.

4

Enter a Name, select your Subscription, select or create a Resource Group and select a Location.

5

Write down or copy the Nameof the Key Vault.

6

Leave the access policy as default and click on Create.

You have created a Key Vault where you can store passwords in a secret way.

Step 2: Generate a certificate

To secure the connection between UiPath Process Mining and Azure, a public/private key pair is needed, which will be referred to as a certificate. Below is a description of two different ways to generate a certificate. The first is the easiest way to create a certificate, but requires access to OpenSSL, e.g. through a Linux machine. The second method might be more complicated, but only requires Azure.

OpenSSL

Follow the steps below to generate the certificate via OpenSSL.

Step

Action

1

Run the following command at the command line prompt:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout my-certificate.pem -out my-certificate.pem

2

Leave all fields empty, the certificate my-certificate.pem will be generated.

3

Run the following command:

openssl x509 -outform der -in my-certificate.pem -out azure-cert.cer

This will generate a file my-certificate.pem, which is the private key needed to authenticate on Azure, and an azure-cert.cer which is a public key, to be uploaded to Azure.

Azure

Follow these steps to generate the certificate via Azure.

Step

Action

1

In the Azure Portal, go to All resources and click on your Key Vault.

2

Go to Certificatesand click on Generate/Import.

3

Set Method of Certificate Creation to Generate.

4

Enter a name for your certificate, for example, my-certificate.

5

Set Type of Certificate Authority (CA) to Self-signed certificate.

6

Enter a Subject, for example, CN=http://www.example.com.

7

Set the Content Type to PEMand keep the rest of the default settings.

8

Click on Create.

Follow these steps to download the generated certificate from Azure.

Step

Action

1

In the Azure Portal, go to All resources and click on your Key Vault.

2

Select Certificatesand click on your certificate.

3

Right click on the current version, and if it is not enabled, select Enable.

4

Click on the current version.

5

Click on Download in PFX/PEM format and click on Download.

6

Save the file to your disk as my-certificate.pem.

7

Click on Download in CER format.

8

Save the file to your disk as azure-cert.cer.

9

Delete the certificate from Azure.

You now have a private key (my-certificate.pem), which will be used by the software and a public key (azure-cert.cer), which will be used by Azure.

Step 3: App registration

To access the Key Vault from UiPath Process Mining, an app registration is required. Follow these steps to perform the app registration.

Step

Action

1

In the Azure Portal go to Azure Active Directory.

2

Go to Propertiesand write down/copy your Directory (tenant) ID.

3

Click on App registrations.

4

Click on New application registration.

5

Enter a Name, select Web app / API as Application type, and fill in any valid Sign on URL.

6

Click on Create.

You have completed the app registration.

Step 4: Setting the correct permission

To enable UiPath Process Mining to link to the Key Vault the correct permission must be set.

Follow these steps to set the correct permission.

Step

Action

1

Go to your App registration and write down/copy your Application (client) ID.

2

Go to Settings - Keys and click on Upload Public Key.

3

Select the azure-cert.cer file created previously and click on Save.

4

In the Azure Portal, go to All resources and click on your Key Vault.

5

Select Access policies and click on Add new....

6

Click on Select principal and select your App Registration. Click on Select.

7

Select the Secret permissions– Get and click on OK.

8

Click on Save.

9

Go to Secretsand click on Generate/Import.

10

Fill in the Name(this will be the identifier), and Value(this is a secret password).

11

Click on Create.

It is now possible to link to the Key Vault from UiPath Process Mining.

Step 5: Enable the Credential store in UiPath Process Mining

Follow these steps to enable the credential store in UiPath Process Mining using the Azure Key Vault.

1

Go to the Superadmin Settings tab.

2

Add the CredentialStore entry to the Server Settings as displayed below.
"CredentialStore": {
    "Type"           : "AzureKeyVault",
    "TenantId"       : <Directory/Tenant ID>,
    "ClientId"       : <Client ID>,
    "VaultName"      : <KeyVaultName>
    "CertificateFile": <my-certificate.pem>
}"CredentialStore": {
    "Type"           : "AzureKeyVault",
    "TenantId"       : <Directory/Tenant ID>,
    "ClientId"       : <Client ID>,
    "VaultName"      : <KeyVaultName>
    "CertificateFile": <my-certificate.pem>
}

The identifier can now be used by developers and, when used, will result in the password specified in the value.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.