Vaults
Learn how to use vaults to securely keep credentials.
At some point, your flows will need to use sensitive information like login credentials, database credentials, credit card information, email credentials, etc. To keep this information secure we developed an encrypted secure vault technology into the Robomotion platform similar to popular online password managers.
Any sensitive data entered in your browser is encrypted before leaving your computer and kept encrypted in Robomotion servers.
To keep your credentials, first, you need to create a secure vault from the Flow Designer. Click the Vaults icon at the top left corner of the header bar.
When you click the Vaults icon, the pop-up will ask for your workspace password.
You will see all the vaults in your workspace either owned by you or shared with you.
Create Vault
Press the top right "Create Vault" button to create a new Vault, then enter the name and description fields of the new vault.
When you press create your new vault will be created and you will see a popup dialog below:
This is the Vault Secret Key that is generated in your browser and used to encrypt the generated master key for your vault. In order to open a vault you have to provide two things: One that you know, which is the password for your account and one that you have and which is the Vault Secret Key. Vault Secret Key is never sent to Robomotion servers so if you lose it there is no way to open a vault. Keep it safe and secure!
Locking and Unlocking Vaults
When you create a vault, you will see the unlocked icon and that is because you have provided everything to open this vault. You entered the Vaults panel with your password and your Vault Secret Key is also kept in your browser cache after the initial creation (also encrypted). If you go to another browser you will have to provide your Vault Secret Key again.
If you lock this vault in your browser, again you will have to provide your secret key.
To unlock a Vault just enter your Vault Secret Key that is shown in your browser popup when you first created your Vault.
Creating Vault Items
After creating a vault, you can add vault items that contain sensitive information to your Vault.
As an example when you press New Item in your Vault and select Login, the Login Item credential screen will be shown. When you press the Save button the credential item will be added to your vault.
Using Vault Items
You can use vault items in two different ways. Some nodes need credentials to operate, like mail nodes, FTP nodes, third-party API nodes etc. Credentials needed by these nodes can be given from the properties panel of these nodes.
Here is an example view from the Send Mail node properties. The Vault and Vault Item can be selected from the properties.
Another way to access vault items is by using the "Get Item" node within the flow. The "Get Item" node can get any vault item from any vault and pass the credentials into the message object.
Running Flow
Robots running a flow that has to access a vault item needs Vault Secret Key to access the vault. If the robot does not have the secret key a popup window will appear on the machine the robot is running that asks for the Vault Secret Key for the vault.
Once the secret key is provided for the vault, it will be saved in the operating system's credential store and wont be asked for again.
The recommended way of providing the Vault Secret to a robot is by using Admin Console -> Robots screen and injecting your vault secret remotely into your robot.