Best Practices


Understanding best practices for storing data in a vault is essential for maintaining security and efficiency in automation processes. This section outlines what is suitable to store in a vault and what to avoid, ensuring optimal use of secure storage while minimizing risks.

What is Good to Store in the Vault

1. User Credentials:

a. System or application usernames and passwords.
b. Service account credentials with scoped access.

2. Use Specific Accounts: Store service or automation accounts rather than individual user credentials whenever possible. Service accounts are more secure and can be tightly scoped to the specific automation.

3. Scope Access: Ensure that only the robots or processes that require specific credentials have access to them in the vault.

4. Regular Rotation: Rotate credentials stored in the vault, either automatically or manually, to mitigate risks in case of a breach.

5. Use Least Privilege: Limit the stored credentials to the minimum level of access required for the automation.

What is Bad to Store in the Vault

1. Do Not Store Generic or Shared User Accounts: Avoid storing credentials for shared or generic accounts unless absolutely necessary, as they can be harder to monitor.

2. Personal Accounts: Storing individual user credentials for personal systems is generally discouraged, as it introduces compliance and privacy challenges. If you store credentials for personal user accounts, ensure this complies with company and regulatory policies, such as GDPR or HIPAA.

3. Volatile or Temporary Credentials: Frequently changing credentials may not be ideal for the vault unless you have automated rotation.

4. High-Privilege Admin Accounts: While possible, it is better to avoid storing root or highly privileged credentials unless critical, as the risks of compromise are higher.

5. Large Files: Credential Vaults are not intended for file storage. Use appropriate file storage solutions for such data.

6. Frequently Changing Data: Avoid storing data that changes frequently, as this can lead to inefficiencies in retrieval and maintenance.

7. Personally Identifiable Information (PII): While the vault is secure, avoid storing excessive PII that may be subject to stringent compliance regulations. Only store what is necessary for operations.

8. Non-Sensitive Information: Avoid storing data that does not require encryption, as it consumes unnecessary resources. 
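The guidelines above can be checked mechanically against an inventory of vault entries. The following is an added example, not code from this documentation or from any vault product: the inventory field names, the sample entries, and the 90-day and 4096-byte thresholds are all assumptions made for illustration.

```python
from datetime import date

# Assumed policy thresholds (not from the page); tune to your own standards.
MAX_ROTATION_AGE_DAYS = 90
MAX_VALUE_BYTES = 4096

# Constructed sample inventory; field names are hypothetical, not a real export format.
SAMPLE_INVENTORY = [
    {"name": "svc-invoice-bot", "account_type": "service", "privileged": False,
     "allowed_robots": ["invoice-bot"], "last_rotated": "2025-05-20",
     "value_bytes": 32, "sensitive": True},
    {"name": "shared-finance", "account_type": "shared", "privileged": False,
     "allowed_robots": ["*"], "last_rotated": "2024-01-10",
     "value_bytes": 24, "sensitive": True},
    {"name": "root-db01", "account_type": "service", "privileged": True,
     "allowed_robots": ["db-maint"], "last_rotated": "2025-05-01",
     "value_bytes": 40, "sensitive": True},
    {"name": "report-template", "account_type": "service", "privileged": False,
     "allowed_robots": ["report-bot"], "last_rotated": "2025-05-25",
     "value_bytes": 250000, "sensitive": False},
]

def audit_entry(entry, today):
    """Return the list of guideline findings for one vault entry."""
    findings = []
    if entry["account_type"] in ("shared", "generic"):
        findings.append("shared-or-generic-account")
    elif entry["account_type"] == "personal":
        findings.append("personal-account")
    if entry["privileged"]:
        findings.append("high-privilege-account")
    if "*" in entry["allowed_robots"]:  # wildcard: every robot can read it
        findings.append("unscoped-access")
    age = (today - date.fromisoformat(entry["last_rotated"])).days
    if age > MAX_ROTATION_AGE_DAYS:
        findings.append("rotation-overdue")
    if entry["value_bytes"] > MAX_VALUE_BYTES:
        findings.append("oversized-value")
    if not entry["sensitive"]:
        findings.append("non-sensitive-data")
    return findings

def audit_inventory(inventory, today):
    """Map entry name -> findings, omitting entries that pass every check."""
    return {e["name"]: f for e in inventory if (f := audit_entry(e, today))}

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY, date(2025, 6, 1)).items():
        print(f"{name}: {', '.join(findings)}")
```

A finding is a prompt for review rather than an automatic violation: the guidelines allow shared or high-privilege accounts when they are genuinely necessary.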
