Let’s take a look at the System - Credentials activities.
This activity package allows us to store and retrieve credentials from Windows Credential Manager. Usually, the best practice is to store your credentials within Assets in Orchestrator. However, sometimes you want to store the credentials locally and this is exactly what this set of activities is made for.
To access them, please install this package from Package Manager: UiPath.Credentials.Activities
Now you can use 4 new activities:
Basic activity that prompts a dialog window for credentials input. You can use this activity in attended automation in a scenario where you want to retrieve username and password and further work with it.
Output variables are:
Password - stores entered password (String )
Username - stores entered username (String)
Result - stores if the operation was successful (Boolean) (this works with all activities in this set)
Please keep in mind, that password is retrieved as String! It is a good practice to limit the password variable scope for as little as possible and after the password is used, to clear the variable.
Activity to add new credentials to Windows Credential Manager. Supply with raw text or String variables. Password and Username are self-explanatory. Target works as an identifier for this set of credentials, so we can retrieve them later
When you run this one, and then go to Windows Credential Manager, you will see it there:
Running this activity with the same Target will cause rewriting the credentials that are already stored at that Target name.
Important Properties of Add Credential activity:
PersistanceType - Defines the rules according to which the given credentials are stored. The following options are available:
- Session - The credentials are stored in the Windows Credential Manager only for the life of the current logon session. They are not visible to other logon sessions of this same user. They do not exist after this user logs off and back on.
- LocalComputer - The credentials persist for all subsequent logon sessions on this same computer. They are visible to other logon sessions of this same user on the same machine, but not to logon sessions for this user on other machines.
- Enterprise - The credentials persist for all subsequent logon sessions on the same machine. They are visible to other logon sessions of this same user on the same machine and to logon sessions for this user on other computers.
CredentialType - The type of credential to be added. The following options are available:
- None - No credential type is applied. This may cause the credential to not be saved.
- Generic - A generic credential that is not used by a particular authentication package.
- DomainPassword - A password credential that is specific to Microsoft authentication packages (NTLM, Kerberos, Negotiate).
- DomainCertificate - A certificate credential that is specific to Microsoft authentication packages (Kerberos, Negotiate, Schannel).
- DomainVisiblePassword - A password credential specific to Microsoft authentication packages (Passport).
Deletes credential of supplied Target name from Windows Credential Manager
Input Target as an identifier of the credential.
Properties CredentialType and PersistanceType must match the values used in Add Credential activity.
This activity outputs:
- Username (String)
- Password (SecureString)
- String data type is meant to use with Type Into and other activities.
- SecureString data type is there to handle improved security when storing passwords or any other secured strings. Use Type Secure Text activity to use e.g. for a password field.
If you store/get your password in SecureString data type, this does not mean it is safe and cannot be retrieved back. It does not make it encrypted or hidden.
If you would try to use Type Secure Text activity on a field that is not a password field, you’ll be able to see the password. Attention should be paid to credential handling during a code review and before going to production. Wrong selector for a password field can lead to a password leak to another field where it can be seen or accessed by an unwanted person. Please be very careful!
From SecureString to String:
notsecure_password = (new System.Net.NetworkCredential("", password,)).Password
From String to SecureString:
password = (new System.Net.NetworkCredential("", “notsecure_password”)).SecurePassword