Key Vault
The Key Vault provides a secure and centralized platform for managing sensitive data — including credentials, encryption keys, and secrets — essential for automation processes. It encrypts and consolidates this information, ensuring it is protected and accessible only by authorized users or automated bots. This approach supports a Zero Trust security model, which is crucial for automation workflows that interact with external APIs, databases, and cloud services.
By default, credential storage is configured to the Robility Manager Instance. Tenant administrators have exclusive permissions to modify this setup and integrate external vault services such as Azure Key Vault, AWS Key Management Service (KMS), and Google Cloud Key Management Service (KMS).
Supported Third-Party Vault Integrations
Robility enables seamless connections with leading third-party vaults to securely store and manage assets, credentials, and encryption keys, maintaining strong protection throughout the automation lifecycle.
Vault Provider | Description and Features | Key Highlights |
---|---|---|
Azure Key Vault | A cloud service for securely managing keys, secrets, and certificates with hardware security module (HSM) support. | |
AWS KMS | Managed encryption key service integrated with AWS Identity and Access Management (IAM) for secure workflows. | |
Google Cloud KMS | Centralized key management with multi-region support and optional Cloud HSM for enhanced security compliance. | |
Configuring Third-Party Vaults
Each vault requires specific authentication credentials (such as client IDs, secrets, tokens, or service account keys) unique to the vault provider.
To configure a vault integration:
1. Select the desired third-party vault (Azure Key Vault, AWS KMS, or Google Cloud KMS) in the Robility Manager interface.
2. Enter the required authentication details according to the selected vault’s specifications.
3. Use the Validate button to verify credential accuracy against the vault provider.
4. Once validated, enable the integration by clicking Activate.
5. If validation fails, correct the errors to proceed.
6. After activation, manage credentials within the Vault page for your projects.
Refer to the official Robility documentation for detailed setup guidance.
This robust Key Vault management ensures critical credential security and operational flexibility for secure, efficient automation workflows.
How will switching vault providers impact my existing credentials and automation workflows?
Switching vault providers will not automatically transfer your existing credentials from the previous vault. You will need to manually re-add any required credentials to the new vault integration, as stored credentials do not migrate between vaults. However, credentials already configured in the existing vault remain accessible within the Robility Manager and can continue to be retrieved seamlessly even after you switch to a different vault integration.
Regarding automation workflows:
1. You must reconfigure encryption settings to match the new vault provider when switching vaults.
2. Only one vault integration can be active at a time, but you can update or switch configurations at any time without waiting periods.
3. Any credentials used in your automation processes must be properly added and validated in the new vault to avoid disruption.
4. If your vault configuration expires or validations fail post-switch, you’ll need to reconfigure and revalidate the vault to maintain secure access.
How does Robility ensure secure management of secrets across multiple vaults?
Robility ensures secure management of secrets across multiple vaults by implementing a robust, multi-layered security architecture combined with strict access controls and comprehensive auditing:
1. Encryption at Rest and In Transit: All secrets stored in the Robility Credential Vault are encrypted using industry-leading AES-256 encryption. Encryption keys are securely generated, managed, and protected within Robility’s infrastructure. Communication between all components (bots, Vault, Manager) uses TLS 1.2, ensuring data is encrypted in transit.
2. Tenant Isolation: Each tenant’s credentials are stored in physically isolated Azure SQL Managed Instances, preventing cross-tenant data access. These databases use Transparent Data Encryption (TDE) to protect data at rest.
3. Role-Based Access Control (RBAC): Access to secrets is governed through a fine-grained RBAC model, ensuring only authorized users and automation processes can read, write, or manage secrets. This enforces the principle of least privilege consistently.
4. Comprehensive Audit Logging: Every interaction with the Vault—storing, accessing, or modifying secrets—is logged. These logs provide transparency, support compliance requirements, and enable security investigations.
5. Support for Multiple Vault Integrations: Robility integrates securely with external vault providers (e.g., Azure Key Vault, AWS KMS, Google Cloud KMS), leveraging their native security features such as HSM-backed keys, automatic key rotation, and fine-grained identity access control.
6. Single Vault Activation with Flexible Switching: While only one vault configuration can be active at a time, Robility allows seamless switching between vault providers with reconfiguration. Credentials remain accessible through the Robility Manager even during transitions, reducing disruption.
7. Zero Trust Security Model: Robility’s design aligns with Zero Trust principles by strictly verifying every access request, encrypting all sensitive data, and enforcing continuous validation and monitoring throughout the automation lifecycle.
Tips
1. Only one vault integration can be active at a time, but configurations can be updated or switched without waiting periods.
2. Switching vaults requires reconfiguration of encryption settings to align with the new provider.
3. Credentials stored in a previous vault are not automatically migrated and must be manually re-added.
4. Existing credentials remain accessible through the Robility Manager even after switching vaults.
5. Use the Smart Configuration Assistant to evaluate your automation needs and select the most suitable vault integration.
6. Vault configurations that expire or fail validation must be reconfigured and validated anew.