CredentialManagerConfig.xml - Reference same network file from multiple bots

Hello,

We’re attempting to install Robotics 22.1.22.0 on Windows2022. In this setup, we’d like to configure our bots across a stack to reference the same credentialmanagerconfig.xml reducing the effort to maintain the file across the environment.

We’ve attempted to update the CommonConfig.xml CredentialManager property to a direct path, but it fails to resolve this. It seems to only accept a few preset environmental variables.

To work around this, we attempted to use a symlink mapping the path to the credentialmanagerconfig.xml directly to the target config on NAS. I’m able to access it manually, but when starting the RPAService, it gets an access error reaching the symlink (C:\ProgramData\Pegasystems\CredentialManagerConfig.xml → NAS CredMgrConfig.xml):

MTA | Service | Access to the path ‘C:\ProgramData\Pegasystems\CredentialManagerConfig.xml’ is denied.
System.UnauthorizedAccessException: Access to the path ‘C:\ProgramData\Pegasystems\CredentialManagerConfig.xml’ is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials, IWebProxy proxy, RequestCachePolicy cachePolicy)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
at System.Xml.XmlTextReaderImpl.OpenUrl()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at System.Xml.XmlDocument.Load(String filename)
at OpenSpan.Security.Configuration.CredentialManagerConfigHelper.LoadCredentialConfig()
at OpenSpan.Security.Configuration.CredentialManagerConfigHelper..ctor(ISecureDataStoreLogger logger)

Is there a means of mapping multiple bots to use the same CredentialManagerConfig.xml?

Thanks!

@ChrisF97 We don’t currently support a central location for this file right now. I wonder if the Symlink would work if you used a hard link.

https://www.howtogeek.com/16226/complete-guide-to-symbolic-links-symlinks-on-windows-or-linux/

What is it about the file though that needs customizing with each bot? Could you now use the machine name in the credential provider? If so, then you could use the replaceable parameters in the file, and they could be the same for every bot.

Hi @ThomasSasnett,

Thanks for your response. I checked into the hard link, and it appears it can only be created across the same partition. So accessing the network share from our local disk won’t work with a hard link.

In our scenario, we maintain the same CredentialManagerConfig.xml across each environment. There are no discrepancies between machines in a stack, but each time we add a new application or use-case, we must add the new entries and update each of our RPA bots. We were hoping to minimize the maintenance effort of copying it to each machine and instead have all of the machines reference the same config stored at a common network location.

Thanks again,

Chris

@ChrisF97 That makes sense. I will let our product team know and perhaps they can create a future enhancement. If you feel this functionality is needed with more urgency, you can open a support request to get a formal feature request submitted.