Understanding how Robot Runtime retrieves credentials from BeyondTrust
To ensure optimal security, set up Robot Runtime to retrieve credential information from BeyondTrust Password Safe.
The BeyondTrust Password Safe stores credentials as managed accounts that belong to an asset.
- Each managed account has an application associated with it. For example, WindowsUser is the application associated with credentials that are used by a robot to log in to Windows.
- An asset can be a physical device (a computer or server) or a container for managed accounts. For example, a container for pooled credentials that are used to log in to an application.
When Robot Runtime makes a credential request, it uses the following values to query the BeyondTrust Password Safe:
- name
- The name of the credential element.
- systemName
- This value maps to an asset in BeyondTrust.
- applicationName
- (Optional) This value maps to the first managed account belonging to the asset with a matching application name. If the applicationName value is omitted, the name value is used instead.
- Runas
- (Required, but can be overridden) This value is the BeyondTrust domain or local user authorized to retrieve the credentials. If NoRunasUserPassword is not enabled, store the passwords locally by using the CredMgrUi.exe program. For more information, see Using the Credential Manager utility to store API keys.
- If you enable UseCurrentUserForASO or UseCurrentUserForCredStore, this value is overridden, based on the setting.
- APIGroup
- The name of the secret shared between Robot Runtime and BeyondTrust that authenticates that the request can be fulfilled.
- accountNamePostfix
- (Optional) This value selects the correct managed account when an asset contains more than one managed account for an application. It matches the managed account whose name ends with this value and that also matches the application name. The value is removed from the managed account name before the credentials are returned.
Pega Robotic Automation stores these values in the CredentialManagerConfig.xml file, which is located in the C:\ProgramData\Pegasystems folder.
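The lookup rules described above can be modelled as follows. This is an added illustration, not Pega or BeyondTrust code: the asset names, account names, the `ManagedAccount` type, and the `resolve_account` function are all constructed for the example, exact case-sensitive comparison is an assumption, and the Runas and APIGroup authorization steps are not modelled.

```python
# Added illustration of the matching rules in this topic; not product code.
from dataclasses import dataclass
from typing import Optional


@dataclass
class ManagedAccount:
    account_name: str
    application: str


# Constructed sample data: asset name -> managed accounts, in stored order.
ASSETS = {
    "ROBOT-VM-01": [ManagedAccount("svc_robot", "WindowsUser")],
    "CRM-POOL": [
        ManagedAccount("agent_a_uat", "CrmApp"),
        ManagedAccount("agent_b_prod", "CrmApp"),
        ManagedAccount("mail_prod", "MailApp"),
    ],
}


def resolve_account(name: str, system_name: str,
                    application_name: Optional[str] = None,
                    account_name_postfix: Optional[str] = None) -> Optional[str]:
    """Return the managed account name that is selected, or None if no match."""
    accounts = ASSETS.get(system_name)      # systemName maps to an asset
    if accounts is None:
        return None
    # If applicationName is omitted, the name value is used instead.
    app = application_name or name
    for acct in accounts:                   # the first matching account wins
        if acct.application != app:
            continue
        if account_name_postfix:
            # With a postfix, the account name must end with it as well.
            if not acct.account_name.endswith(account_name_postfix):
                continue
            # The postfix is removed before the result is returned.
            return acct.account_name[: -len(account_name_postfix)]
        return acct.account_name
    return None                             # assumption: no fallback account


if __name__ == "__main__":
    print(resolve_account("WindowsUser", "ROBOT-VM-01"))
    print(resolve_account("crm", "CRM-POOL", "CrmApp", "_prod"))
```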