Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Understanding how Robot Runtime retrieves credentials from BeyondTrust

Updated on October 19, 2022

To ensure optimal security, set up Robot Runtime to retrieve credential information from BeyondTrust Password Safe.

The BeyondTrust Password Safe stores credentials as managed accounts that belong to an asset.

  • Each managed account has an application associated with it. For example, WindowsUser is the application associated with credentials that are used by a robot to log in to Windows.
  • An asset can be a physical device (a computer or server) or a container for managed accounts. For example, a container for pooled credentials is used to log into an application.

When Robot Runtime makes a credential request, it uses the following values to query the BeyondTrust Password Safe:

The name of the credential element.
This value maps to an asset in BeyondTrust.
(Optional) This value maps to the first managed account belonging to the asset with a matching application name. If the applicationName value is omitted, the name value is used instead.
(Required, but can be overridden) This value is the BeyondTrust domain or local user authorized to retrieve the credentials. If NoRunasUserPassword is not enabled, store the passwords locally by using the CredMgrUi.exe program. For more information, see Using the Credential Manager utility to store API keys.
If you enable UseCurrentUserForASO or UseCurrentUserForCredStore, this value is overridden, based on the setting.
The name of the secret shared between Robot Runtime and BeyondTrust that authenticates that the request can be fulfilled.
(Optional) This value is used to match the correct managed account when an asset contains more than one managed account for an application. This value matches the managed account name ending with this value, which also matches the application name. This value is removed from the managed account name before the credentials are returned.

Pega Robotic Automation stores these values in the CredentialManagerConfig.xml file, which is located in the C:\ProgramData\Pegasystems folder.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us