UiPath Orchestrator stores Robot login credentials and workflow process Assets in a Credential Store that by default uses Orchestrator’s internal software database for storage. By utilizing the Luna Vault feature of Thales TCT’s Luna Credential System (LCS), this highly sensitive data can be stored in a FIPS 140-2 Level 3 hardware security module (HSM) providing optimal security.
Orchestrator allows Credential Stores to be created on other storage media by loading library plugins. By loading the LCS Luna Vault Plugin, LCS implementers can direct the Credential Store to use the highly secure Luna Credential HSM as its default storage location. With the inherent access control mechanisms implemented by LCS, only the Orchestrator machine can access the data stored within the HSM. In High-Density Robot environments, where Windows Remote Desktop is used, Luna Vault can provide HSM storage for the Robots’ login credentials, thus providing highly secure, hardware-based protection.
THE LUNA CREDENTIAL SYSTEM
Luna Vault is an optional feature of the core Luna Credential System that also enables UiPath’s RPA to utilize the HSM for Public Key Infrastructure (PKI) multi-factor authentication using Windows Logon. In this use case, the HSM replaces smart cards as the hardware storage mechanism for PKI credentials, thus enabling Unattended Robots to meet the multi-factor authentication requirements of the U.S. Federal Government. As an optional feature that can be enabled in this environment, Luna Vault can also provide hardware protection of the Robots' credential password and workflow process Assets in addition to the PKI credentials.
The Luna Credential System for the Luna Vault comprises the following LCS components:
The Luna Credential HSM - a FIPS 140-2 Level 3 validated hardware security module built exclusively for the U.S. Federal Government
The Luna Credential Client - software installed on the Orchestrator machine to establish a highly secure connection with the HSM