Unit 4: Credential Vault, Lockers, and Resilient & Scalable Bots

1. Overview of Credential Vault and Lockers

In Enterprise RPA, security is paramount. Bots often interact with secure applications (ERPs, databases, web portals) requiring authentication. Hardcoding credentials (usernames and passwords) directly into bot code is a critical security vulnerability.

The Credential Vault

The Credential Vault is a centralized, secure repository used to store sensitive information. It creates a separation between the developer and the credentials.

• Function: Stores usernames, passwords, API keys, and connection strings.
• Security Standard: typically utilizes AES-256 encryption.
• FIPS Compliance: Most enterprise RPA vaults are FIPS 140-2 compliant.
• Benefit: Developers can build bots using credential references without ever knowing the actual password.

Lockers

A Locker is a logical container used to group credentials and enforce Role-Based Access Control (RBAC).

• Purpose: To organize credentials based on business units, processes, or security levels (e.g., "HR Locker," "Finance Locker").
• Association: Credentials must be placed inside a locker to be accessible to a bot or a user.
• Access Control: Administrators assign specific roles (Consumers) to specific lockers. Only users/bots with the "Consumer" role for a locker can use the credentials inside it.

2. Secure Credential Management

Creating and Managing Credentials

A "Credential" is an object in the Vault that creates a map of attributes.

1. Standard Attributes: Standard fields required for login, usually Username, Password, and Description.
2. User-Defined Attributes: Custom fields added for specific needs (e.g., ServerAddress, API_Secret, PortNumber).
3. Credential Creation Process:
   • Define the Credential Name.
   • Input the sensitive values (these are masked immediately).
   • Define security policies (e.g., password cannot be viewed by the creator).

Creating and Managing Lockers

The workflow involves linking the credential to the user via the Locker.

1. Create Locker: Name the locker and provide a description.
2. Add Credentials: Select credentials from the vault to place into this locker.
3. Add Consumers: Select the Roles (e.g., Finance_Bot_Runners) allowed to access these credentials.
4. Add Managers: Select the users allowed to edit/modify the credentials within the locker.

Integrating Lockers with Bots

When developing a bot, credentials are accessed via variables rather than strings.

• Syntax: Usually follows a pattern like .
• Runtime Behavior: At runtime, the bot requests the credential from the Control Room/Orchestrator. The server verifies if the bot has permission (via the Locker). If authorized, the encrypted token is passed to the bot runner, decrypted in memory, used, and then wiped.

Secure Data Handling Best Practices

• Variable Masking: Ensure variables holding sensitive data are flagged as "Sensitive" or "Masked" so they do not appear in logs or debug windows.
• Clipboard Management: Avoid copying passwords to the system clipboard. Use direct entry methods (Type Secure Text).
• Log Suppression: Disable logging during steps that handle sensitive data to prevent writing PII or credentials to plain text log files.

3. Designing Resilient Bots

A Resilient Bot is one that can handle unexpected changes, system failures, or data irregularities without crashing and requiring manual intervention.

Error Handling Architecture

Error handling distinguishes a "happy path" script from a production-ready bot.

Try-Catch-Finally Blocks

This is the standard programming structure used in RPA to manage exceptions.

• Try Block: Contains the main logic of the bot. If an error occurs here, the bot immediately jumps to the Catch block.
• Catch Block: Defines what to do when an error occurs.
  • Actions: Log the error, take a screenshot, send an email to the admin, or set a "Failed" transaction status.
• Finally Block: Runs regardless of success or failure.
  • Actions: Cleanup tasks (closing applications, logging out, releasing file handles) to ensure the machine is ready for the next run.

Pseudocode Example:

Begin Error Handling
    TRY
        Open "SAP Application"
        Login using Credential Vault
        Process Invoice
    CATCH (WindowNotFoundException)
        Log "SAP failed to launch."
        Take Screenshot "Error_SAP_Launch.png"
        Send Email to Admin
    CATCH (GenericException)
        Log "Unknown error occurred."
    FINALLY
        Close "SAP Application"
        Kill Process "saplogon.exe"
End Error Handling

Self-Healing and Recovery

• Retry Logic: If a specific step fails (e.g., a web page loads slowly), the bot should retry the action a defined number of times before failing.
  • Loop (3 times): Try Click -> If Error -> Wait 5s -> Continue Loop.
• Environment Reset: If a fatal error occurs, the bot should attempt to "clean" the environment (force close apps) and restart the transaction from the beginning.

4. Building Scalable Bots

Scalability refers to the ability of the RPA solution to handle increasing workloads (volume of transactions) by adding more bots without rewriting the core logic.

Queue Management (Workload Management)

Scalability is best achieved using a Producer-Consumer model via Work Queues.

1. Decoupling: Separate the process into two bots:
   • Dispatcher (Producer): Reads input data (Excel, Email) and adds items to a centralized Queue in the Control Room.
   • Performer (Consumer): Picking up one item at a time from the Queue and processing it.
2. Scaling: If the volume triples, you do not change the code. You simply provision two more "Performer" bot runners to pull from the same Queue simultaneously.

Modular Design

• Sub-tasks/Meta-bots: Break complex processes into small, reusable components (e.g., "Login_SAP", "Scrape_Invoice", "Logout").
• Benefit: If the SAP login screen changes, you only update the "Login_SAP" component, and all bots using it are automatically updated.

Dynamic Syncing

Avoid hardcoded delays (e.g., Delay 10 seconds). This creates slow, brittle bots.

• Solution: Use "Wait for Condition" commands.
  • Wait for Window to Exist
  • Wait for Screen Change
  • Wait for File to be Created
• Result: The bot runs as fast as the application allows.

5. Performance Optimization

Optimization ensures the bot utilizes resources efficiently and completes tasks within the Service Level Agreement (SLA).

1. Background Processing: Wherever possible, use backend automation (API, Database queries, XML parsing) instead of UI automation. UI is slow; APIs are fast.
2. Selector Optimization: Use robust selectors (wildcards) to ensure the bot finds elements quickly without scanning the whole DOM tree.
3. Minimize Logging: In production, logging every step consumes I/O and slows execution. Log only start, end, and exceptions.
4. Parallel Processing: Utilizing parallel loops for independent calculations (if supported by the RPA tool).

6. Testing, Deployment, and Maintenance

Testing Strategies

• Unit Testing: Testing individual components (e.g., testing just the "Login" task).
• Integration Testing: Testing the flow from start to finish with other systems.
• User Acceptance Testing (UAT): The business user validates the bot's output against expected results in a test environment.
• Negative Testing: Deliberately providing bad data or closing applications to ensure the Error Handling logic works correctly.

Deployment (Bot Lifecycle Management)

Moving bots through environments (Dev -> QA -> Production).

1. Export/Import: Moving the bot package.
2. Dependency Check: Ensuring all sub-tasks and config files are included.
3. Variable Mapping: Updating environment variables (e.g., switching from the "Test Database" path to the "Production Database" path).
4. Versioning: Maintaining version history to allow rollbacks if the new version fails.

Bot Maintenance

RPA is not "set it and forget it."

• Monitoring: Using Dashboards to track Bot Heartbeats, Success/Failure rates, and Average Handling Time (AHT).
• Change Management: If the underlying application (e.g., Salesforce) updates its UI, the bot selectors must be updated.
• License Management: Ensuring bot runner licenses are allocated efficiently to high-priority processes.