{"id":19977772,"url":"https://github.com/uipath/orchestrator-credentialstoreplugins","last_synced_at":"2025-05-04T03:30:52.621Z","repository":{"id":41952699,"uuid":"208106035","full_name":"UiPath/Orchestrator-CredentialStorePlugins","owner":"UiPath","description":"Credential Store Plugins as examples on how to create third party plugins to use on the Orchestrator.","archived":false,"fork":false,"pushed_at":"2022-04-22T15:04:42.000Z","size":816,"stargazers_count":12,"open_issues_count":1,"forks_count":11,"subscribers_count":87,"default_branch":"master","last_synced_at":"2025-04-29T10:06:17.876Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/UiPath.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-09-12T17:23:57.000Z","updated_at":"2024-09-23T00:53:46.000Z","dependencies_parsed_at":"2022-08-12T00:30:34.665Z","dependency_job_id":null,"html_url":"https://github.com/UiPath/Orchestrator-CredentialStorePlugins","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UiPath%2FOrchestrator-CredentialStorePlugins","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UiPath%2FOrchestrator-CredentialStorePlugins/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UiPath%2FOrchestrator-CredentialStorePlugins/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UiPath%2FOrchestrator-CredentialStorePlugins/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/UiPath","download_url":"https://codeload.github.com/UiPath/Orchestrator-CredentialStorePlugins/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251480519,"owners_count":21596017,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T03:29:14.060Z","updated_at":"2025-05-04T03:30:51.705Z","avatar_url":"https://github.com/UiPath.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Orchestrator-CredentialStorePlugins\n Credential Store Plugins are a set of examples of how to create Credential Store plugins to use with Orchestrator.\n\n## Getting Started\n ### Prerequisites\n  Visual Studio 2019 or newer.\n  \n ### Create your own Secure Store plugin\n  1. In Visual Studio, create a new Class Library (.NET Standard) Project\n  2. Replace the content of the .csproj file with the following:\n```xml\n\u003cProject Sdk=\"Microsoft.NET.Sdk\"\u003e\n  \u003cPropertyGroup\u003e\n    \u003cTargetFramework\u003enetstandard2.0\u003c/TargetFramework\u003e\n    \u003cAppendTargetFrameworkToOutputPath\u003efalse\u003c/AppendTargetFrameworkToOutputPath\u003e\n  \u003c/PropertyGroup\u003e\n  \u003cItemGroup\u003e\n    \u003cPackageReference Include=\"UiPath.Orchestrator.Extensibility\" Version=\"1.0.4\" /\u003e\n    (Other dependencies here)\n  \u003c/ItemGroup\u003e\n\u003c/Project\u003e\n```\n  3. Under the new project, create a new class and implement ISecureStore interface:\n```csharp\nnamespace Your.NameSpace\n{\n    public class YourSecureStore : ISecureStore\n    {\n        // Your Implementation\n    }\n}\n```\n  4. When you finish, build the project to get `\u003cYourSecureStore\u003e.dll`.\n \n ## Secure Store Lifecycle\n Secure Store plugins allow 3rd party developers to have a custom implementation of storage for secrets and credentials in UiPath Orchestrator, by offering an implementation for the following interface:\n \n ```csharp\npublic interface ISecureStore\n{\n\tSecureStoreInfo GetStoreInfo();\n\n\t// Configuration APIs\n\tvoid Initialize(Dictionary\u003cstring, string\u003e hostSettings);\n\n\tIEnumerable\u003cConfigurationEntry\u003e GetConfiguration();\n\n\tTask ValidateContextAsync(string context);\n\n\t// Robots credential APIs\n\tTask\u003cstring\u003e GetValueAsync(string context, string key);\n\t\n\tTask\u003cstring\u003e CreateValueAsync(string context, string key, string value);\n\n\tTask\u003cstring\u003e UpdateValueAsync(string context, string key, string oldAugumentedKey, string value);\n\n\t// Assets credential APIs\n\tTask\u003cCredential\u003e GetCredentialsAsync(string context, string key);\n\n\tTask\u003cstring\u003e CreateCredentialsAsync(string context, string key, Credential value);\n\n\tTask\u003cstring\u003e UpdateCredentialsAsync(string context, string key, string oldAugumentedKey, Credential value);\n\n\t// deletion for both Asstes and Robots credentials\n\tTask RemoveValueAsync(string context, string key);\n}\n ```\n \nThe parameter `context` from all methods on the interface is a json-serialized representation of the instance-level configuration that is defined by the method `GetConfiguration`.\n\nExample:\n\nIf your configuration is:\n\n```csharp\npublic IEnumerable\u003cConfigurationEntry\u003e GetConfiguration()\n{\n    return new List\u003cConfigurationEntry\u003e\n    {\n\tnew ConfigurationValue(ConfigurationValueType.String)\n\t{\n\t    Key = \"MySetting\",\n\t    DisplayName = \"My Setting\",\n\t    IsMandatory = true,\n\t},\n\tnew ConfigurationValue(ConfigurationValueType.Boolean)\n\t{\n\t    Key = \"MyBooleanSetting\",\n\t    DisplayName = \"Boolean Setting\",\n\t    IsMandatory = false,\n\t},\n    };\n}\n```\n\nthe value of the `context` parameter could be: `\"{\"MySetting\":\"Value entered by user\",\"MyBooleanSetting\":true}\"`, where the values are configured when adding the Secure Store instance.\n \n ### Info \n The Secure store is defined by \n ```csharp\npublic class SecureStoreInfo\n{\n\tpublic string Identifier { get; set; }\n\n\tpublic bool IsReadOnly { get; set; }\n}\n ```\n \n `Identifier` is the name of the Secure store type in Orchestrator UI to define new Secure Stores instances\n \n `IsReadOnly` specifies if the current store type has the capability to create/update/delete new records, or all the records are immutable, already present in the store. \n \n ### Initialization and Configuration\n Secure store plugins have 2 types of configuration\n 1) The Host level configuration is specified in web.config by key-value pairs. The keys have the following format `Plugins.SecureStores.{Plugin_indentifier}.{Setting_name}`. During the start-up of Orchestrator, all host level settings for the current plug-in are injected by a call to `Initialize(Dictionary\u003cstring, string\u003e hostSettings)`. The plugin has the option to validate the settings by throwing an exception on initialization, and if they are not valid, an error will be logged, and the plugin will not be available for the creation of new credential stores. Existing Robots and Assets using instances of that Secure Store type will fail to load protected values.\n \n![Plugin Load Sequence](/docs/img/Pluggable.png)\n \n 2) Secure Store Instance level configuration. Each secure store instance can specify a configuration relevant only for the current instance. The configuration is in JSON format with fields defined by `IEnumerable\u003cConfigurationEntry\u003e GetConfiguration();` which will be used to dynamically create new Secure Store UI, for example, this is [the configuration](https://github.com/UiPath/Orchestrator-CredentialStorePlugins/blob/master/src/SecureStore.AzureKeyVault/AzureKeyVaultSecureStore.cs#L200) for the UI generated for a new instance of AzureKeyVault Secure Store.\n ![Azure Key Vault Config](/docs/img/SecureStoreConfig.PNG)\nWhen a new Secure Store is defined, the configuration will be further validated by calling `Task ValidateContextAsync(string context)`. In the case of AzureKeyVault Secure Store, the validation will check if the basic operations for Create/Read/Update/Delete are supported.\n\nThe parameter `context` from all methods on the interface is a json-serialized representation of this configuration.\n \n  ### Assets Credentials\n  \nCredential assets specific APIs are in the context of a `key`.  The key is the optional parameter external_name specified in the Asset creation/edit flow. If external_name is empty, then the key would be the asset name.\n\n In the case of a read-only store, the credential assets records are already present in the store, and they can be retrieved by correlating with the `key`.\n \n In the case of a read/write store, a new record in the secure store will be generated with the call to `CreateCredentialsAsync(string context, string key, Credential value)` where `value` is the username/password pair in the asset definition. The plugin can return a reference for the created record, to be used instead of the external_name key for subsequent operations on the asset credential READ / UPDATE / DELETE. If the returned key is null or empty, the external_name key will be used for subsequent operations.\n \n ![Assets CRUD workflow ](docs/img/Asset%20Diagram%20%5Bexternal%5D.png)\n \n ### Robots Credentials\n \n Robot specific APIs are in the context of a `key`.  The key is the optional parameter external_name specified in the robot creation/edit flow. If external_name is empty, then the key would be username if this is an Active Directory username format `{Domain}\\{user}` or if not the key will be `{machineName}\\{userName}`.\n In the case of a read-only store, the robot records are already present in the store, and they can be retrieved by correlating with the `key`.\n \n In the case of a read/write store, a new record in the secure store will be generated with the call to `CreateValueAsync(string context, string key, string value)` where value is the password for the username used for the robot. The plugin can return a reference for the created record, to be used instead of the external_name key for subsequent operations on the robot credential READ / UPDATE / DELETE. If the returned key is null or empty, the external_name key will be used for subsequent operations.\n \n\n ## Deployment\n  1. Locate your Orchestrator installation\n  2. Copy the `YourSecureStore.dll` file to the plugins folder\n  3. Enabled plugin via updating [web.config](https://docs.uipath.com/orchestrator/v2019/docs/app-settings#section-password-vault) where\n  `\u003cadd key=\"Plugins.SecureStores\" value=\"YourSecureStore.dll\"/\u003e`\n  4. Restart your Orchestrator instance.\n  \n  ### License\n  Current samples are available under [UiPath Open Platform License Agreement (“OPLA”)](https://github.com/UiPath/Orchestrator-CredentialStorePlugins-Samples/blob/master/UiPath_Activity_License_Agreement.pdf)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuipath%2Forchestrator-credentialstoreplugins","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fuipath%2Forchestrator-credentialstoreplugins","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuipath%2Forchestrator-credentialstoreplugins/lists"}