- Overview
- Requirements
- Pre-installation
- Installation
- Post-installation
- Migration and upgrade
- Upgrading Automation Suite
- Migrating standalone products to Automation Suite
- Step 1: Restoring the standalone product database
- Step 2: Updating the schema of the restored product database
- Step 3: Moving the Identity organization data from standalone to Automation Suite
- Step 4: Backing up the platform database in Automation Suite
- Step 5: Merging organizations in Automation Suite
- Step 6: Updating the migrated product connection strings
- Step 7: Migrating standalone Orchestrator
- Step 8: Migrating standalone Insights
- Step 9: Migrating standalone Test Manager
- Step 10: Deleting the default tenant
- Performing a single tenant migration
- Migrating between Automation Suite clusters
- Migrating from Automation Suite on EKS/AKS to Automation Suite on OpenShift
- Monitoring and alerting
- Cluster administration
- Product-specific configuration
- Orchestrator advanced configuration
- Configuring Orchestrator parameters
- Configuring appSettings
- Configuring the maximum request size
- Overriding cluster-level storage configuration
- Configuring NLog
- Saving robot logs to Elasticsearch
- Configuring credential stores
- Configuring encryption key per tenant
- Cleaning up the Orchestrator database
- Skipping host library creation
- Troubleshooting
- The backup setup does not work due to a failure to connect to Azure Government
- Pods in the uipath namespace stuck when enabling custom node taints
- Unable to launch Automation Hub and Apps with proxy setup
- Robot cannot connect to an Automation Suite Orchestrator instance
- Log streaming does not work in proxy setups
- Velero backup fails with FailedValidation error
- Accessing FQDN returns RBAC: access denied error
Automation Suite on EKS/AKS installation guide
Configuring encryption key per tenant
To configure the encryption key per tenant, take the following steps:
-
Update the Orchestrator parameters. In the configuration file, under
orchestrator, add theencryption_key_per_tenantsection. For more details, see Configuring Orchestrator parameters."orchestrator": { "enabled": true, "encryption_key_per_tenant": { "certificate_base_64": "", "certificate_password": "", "client_id": "", "directory_id": "", "vault_address": "" } }"orchestrator": { "enabled": true, "encryption_key_per_tenant": { "certificate_base_64": "", "certificate_password": "", "client_id": "", "directory_id": "", "vault_address": "" } }You must convert the certificate to base64 before using it as a parameter override. To do that, run the following command:
- PowerShell
[convert]::ToBase64String((Get-Content -path "path_to_certificate" -Encoding byte))[convert]::ToBase64String((Get-Content -path "path_to_certificate" -Encoding byte)) - Shell
base64 [_path_to_certificate_]base64 [_path_to_certificate_]
- PowerShell
-
Apply the new configuration, and then wait for the Orchestrator ArgoCD app to synchronize.
-
Enable the EncryptionKeyPerTenant feature by setting the following keys in
appSettings:"EncryptionKeyPerTenant.Enabled": "true", "EncryptionKeyPerTenant.KeyProvider": "AzureKeyVault","EncryptionKeyPerTenant.Enabled": "true", "EncryptionKeyPerTenant.KeyProvider": "AzureKeyVault",For more on updating
appSettings, see Configuring appSettings.Note:SMTP settings in Identity Server are not encrypted with the per-tenant key. After enabling encryption key per tenant, make sure to re-enter the SMTP password in the Automation Suite portal.