What is the best advice for storing credentials (username/password) to production systems? The company I am working with would like to try to limit exposure to production systems as there is information that should be restricted. For development, we will have development systems that has similar but not "real" data.
When its time to move to production, the scripts should work as the development and production systems will have the same versions of software.
Currently, I was using Data Items to store these. Another developer suggested using a VBO with Blue Prism called Credentials - the username/passwords are stored in BP's database. I presume this limits my need as a developer to know the values.
Other benefits - I would assume we can update the BP database if the user password changes instead of having to modify the scripts.
I was also wondering if anyone uses any type of REST api calls to get username/passwords? However, the script would need to know the secret key to decrypt, so not sure this provides true separation of duties. I suppose with the Blue Prism VBO, another person could update the password. I'm still not sure how this prevents a developer from getting the password and pasting into a log file (or whatever).
We have system auditors that examine our processes. We are trying to implement best practices before we are reviewed. Thanks in advance for any feedback.
When its time to move to production, the scripts should work as the development and production systems will have the same versions of software.
Currently, I was using Data Items to store these. Another developer suggested using a VBO with Blue Prism called Credentials - the username/passwords are stored in BP's database. I presume this limits my need as a developer to know the values.
Other benefits - I would assume we can update the BP database if the user password changes instead of having to modify the scripts.
I was also wondering if anyone uses any type of REST api calls to get username/passwords? However, the script would need to know the secret key to decrypt, so not sure this provides true separation of duties. I suppose with the Blue Prism VBO, another person could update the password. I'm still not sure how this prevents a developer from getting the password and pasting into a log file (or whatever).
We have system auditors that examine our processes. We are trying to implement best practices before we are reviewed. Thanks in advance for any feedback.