Web.config file contains sensitive information that one may want to secure. It is possible to encrypt indicated sections in this file with the help of the
Once encrypted, the data cannot be changed by directly editing the
Web.config file, nor from IIS. It must be decrypted and then re-encrypted.
EncryptionKey which is stored in
Web.config, in the
secureAppSettings section, is used to encrypt and/or decrypt passwords for credential assets and Robot credentials. It is automatically generated when you first install Orchestrator.
This section can also be encrypted using the
Aspnet_regiis.exe tool, thus ensuring that nobody can use the key to decrypt the information you store in Orchestrator.
To encrypt the aforementioned section of the
Web.config file, perform the following steps AFTER installing Orchestrator:
- Open the Command Prompt.
- Change the directory to the location of the
Aspnet_regiis.exetool. This is usually located in
%SystemRoot%\Microsoft.NET\Framework\versionNumber. For example:
- Add the following command
aspnet_regiis -pe "secureAppSettings" -site "UiPathOrchestrator2017.1" -app "/" -prov "RsaProtectedConfigurationProvider".
-pe- indicates which configuration section should be encrypted.
-site- represents the site of the virtual path specified as the value of the
-appargument. Change the value of this argument ("UiPathOrchestrator2017.1") if your instance’s name is different. If this is not specified, the default web site is used.
-app- encrypt at this virtual path. It must begin with a forward slash. If the value is just '/', then it points to the root of the site.
-prov- the library used to encrypt the
secureAppSettings. You can use
“DataProtectionConfigurationProvider”as values for this argument. The first option uses the RSA cryptosystem, while the latter uses DPAPI. We recommend using the RSA one as it provides more flexibility.
For more information on the
Aspnet_regiis.exe tool, please run the following command: