Credential Vault


The Robility Credential Vault is a secure feature designed to store and manage sensitive information such as credentials, API keys, and confidential data within the Robility platform. It ensures secure access to secrets during automation workflows, minimizing exposure risks.

By default, credential storage is set to “Robility Manager Instance”. This option can be configured in the tenant selection area. Click here to learn more about it. This step is crucial for the tenant admin because all credentials will be stored in the location determined by the storage configuration.

How the Credential Vault is Secured

1. Tenant Isolation: Credentials for each tenant are stored in isolated databases that are physically separate and hosted in Azure SQL Managed Instances (Azure SQL MI). These databases are protected with Transparent Data Encryption (TDE) to secure data at rest, ensuring tenant-specific security.

2. Encryption Mechanism (AES-256): The Robility Credential Vault employs AES (Advanced Encryption Standard) with a 256-bit key to encrypt sensitive data. This industry-leading encryption ensures robust security for stored secrets. Encryption keys are securely managed and stored within the Robility infrastructure.

3. Secure Communication: All communication between Robility components, such as bots, the Credential Vault, and the Robility Manager, is secured using TLS 1.2 (Transport Layer Security), safeguarding data in transit.

4. Role-Based Access Control (RBAC): Robility enforces strict role-based access controls, ensuring that only authorized users and processes can access or modify stored credentials.

5. Audit Logs: Credential Vault activities, such as storing, retrieving, or modifying credentials, are logged to support audit and compliance requirements. 

Third-Party Vault Integration

Robility integrates seamlessly with external credential management systems, allowing organizations to leverage existing solutions for secure credential storage and retrieval.

Supported Third-Party Vaults:

Azure Key Vault: Allows secure storage and management of credentials using Azure’s encryption and policy controls.
AWS: Provides secure storage, automatic rotation, and fine-grained access control for secrets, ensuring safe integration with AWS services and applications.
Google: Enables secure storage and access management of API keys, passwords, and other sensitive data, integrated with Google Cloud’s IAM and audit logging.

Click here to configure third-party vault integrations.

Advantages

1. Enhanced Security: Implements advanced encryption and access controls to protect sensitive data.
2. Centralized Management: Streamlines credential management by centralizing sensitive information storage.
3. Zero Trust Enforcement: Access is strictly granted only to authenticated users or bots with appropriate permissions, aligning with Zero Trust security principles.
4. Flexible Infrastructure Options: Works with both Robility Manager’s instance vault and external third-party vaults, allowing organizations to choose based on their infrastructure preferences.
5. Auditability and Compliance: Tracks and logs credential access to meet compliance requirements such as GDPR, ISO 27001, and HIPAA.
