JWT Token Management

JWT Tokens (JSON Web Tokens) provide a secure, verifiable way to store and use signed tokens required for authentication and authorization in automation workflows.

Instead of embedding JWT token values directly into workflows, these tokens are stored securely in the Vault and retrieved at runtime. This ensures secure access and controlled use of sensitive credentials.

Key Benefits

1. Secure Storage: JWT tokens are securely stored and encrypted in the Vault, minimizing the risk of leakage. 
2. Signed and Verifiable: Each JWT token is signed, enabling validation of token authenticity during retrieval or use.
3. Centralized Management: All JWT tokens for your project are managed in one place, supporting reusability.
4. Role-based Access Control: Permissions to create, edit, view, or delete JWT tokens are governed by roles defined in Robility Manager, ensuring proper governance.

User Roles & Permissions

Access to JWT Token entries depends on permissions configured in Robility Manager:

1. Interact User: Does not have access to view or use JWT Tokens in workflows.
2. Process Admin: Can assign JWT Tokens to processes but cannot create, edit, or delete them.
3. Credential Admin: Has full access to create, edit, delete, and inactivate entries.
4. Developer: Can use existing JWT Tokens in workflows but cannot manage them.
5. Project Admin: Can manage project-level access but cannot create items; they can edit and remove existing entries.

Managing JWT Tokens

The following sections describe how to create, edit, delete, and inactivate JWT token entries in Robility Manager.

Creating a JWT Token

1. Navigate to the Vault page in Robility Manager.
2. Click Add to open the Add Credential dialog.
3. In the Upload Type, select one of the following:
        Webform – for manual entry
        Excel – for bulk upload of files in .xlsx or .xls format
4. Enter the application Name to identify the token.
5. Provide the JWT Token Value in the designated field.
6. Click Save.
7. The JWT token will be stored in the Vault and listed on the JWT Token page.

Editing a JWT Token

1. On the JWT Token page, locate the entry you want to modify.  
2. Click the Edit icon next to it.
3. Update the JWT Token Value as needed.
4. Click Update to save changes.
5. All edits are logged automatically, supporting auditing and traceability.

Deleting a JWT Token

1. To delete a single JWT token, click the Remove icon beside the entry. 
2. To delete multiple tokens at once:
          Select the relevant entries using the checkboxes.
          Click the Remove button to delete them in bulk.

Inactivating a JWT Token

JWT Token entries can be set to Inactive when they are temporarily not required. Once inactivated, they cannot be used in workflows until reactivated.

Security Considerations

Do not hardcode JWT tokens within workflows; always retrieve them securely via the Credential Vault.
Access to JWT tokens should be limited based on roles and responsibilities defined in Robility Manager.
Rotate tokens periodically and ensure proper expiration claims are configured to maintain security.
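
One way to check a token's expiration claims before saving it to the Vault, as recommended above. This is an added example, not Robility code: the function names, the 90-day MAX_LIFETIME policy and the sample tokens are assumptions constructed for illustration, and the token signature is not verified here.

```python
import base64
import hashlib
import hmac
import json
import time

MAX_LIFETIME = 90 * 24 * 3600  # assumed rotation policy (90 days), not a product setting


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_time_claims(token, now=None):
    """Return findings about a JWT's exp/iat claims; an empty list means OK.

    Claims are only inspected here; the signature is not verified.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWT (expected three dot-separated segments)"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not base64url-encoded JSON"]
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return ["no numeric exp claim: token would never expire"]
    findings = []
    if exp <= now:
        findings.append("token is already expired")
    iat = claims.get("iat")
    issued = iat if isinstance(iat, (int, float)) and not isinstance(iat, bool) else now
    if exp - issued > MAX_LIFETIME:
        findings.append("lifetime exceeds rotation policy")
    return findings


def make_sample_token(claims, key=b"constructed-demo-key"):
    # Builds a constructed HS256 token so the check can be run offline.
    def enc(raw):
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    head = enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = enc(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{enc(sig)}"
```

An empty result means the time claims pass the assumed policy; any finding is a reason to reissue the token with a proper expiry before storing it.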

Viewing History

To view the history of an item, click the View option. The history displays all actions performed on the item and is categorized as follows:

1. Usage: Records when and how the item was used. 
2. Lock/Unlock: Shows when the item was locked or unlocked.
3. Updates: Displays any modifications made to the item, including who made the change, when it was made, and the item’s status (active or inactive).
4. Status Change: Tracks changes in the status of the item.  

 

 
