Technical architecture and security
How is Robocorp Control Room hosted?
Robocorp Control Room is hosted in Amazon Web Services (AWS) datacenters. AWS maintains SOC2 and ISO 27001 compliance certifications among others and provides robust means to provide secure services to Control Room users.
What kind of security measures are taken for Control Room?
We conduct internal security audits regularly, and every major architectural change undergoes a security review. We also arrange external penetration tests for Control Room in order to verify the effectiveness of our security controls.
In the event of a high-risk vulnerability or a threat that could potentially impact our users data confidentiality or the availability of Control Room, we aim to fix the issues outside of our regular production update cycles and as soon as possible.
If an external security researcher discovers a vulnerability in any of our products, our Security.txt(https://robocorp.com/.well-known/security.txt) has information on how to get in contact with us.
Does Control Room collect sensitive data?
Control Room requires something we refer to as control data in order to operate. This data includes instructions and commands sent to the runtime environments and the packaged code for processes. For various services we may store and process also data generated by the processes, which we refer to as process data. This data is stored for the convenience of the user, such as error logs so they can be viewed within Control Room. In addition, we provide a means for securely storing secrets and tokens in Control Room Vault.
However, it is to be noted that it is ultimately up to the software robot developer to choose what is uploaded to Control Room. It is good to keep in mind that sensitive tokens, such as passwords or personally identifiable information, should not be hard-coded in robots. It is also advisable to refrain from printing sensitive data into output logs as they could end up in Control Room.
How is data protected in Control Room?
Any data travelling through the Internet is encrypted in transit using TLS. Furthermore, especially sensitive data such as Vault secrets have two-fold encryption and are also encrypted on the application level. This means proxies or application logs cannot view the data, even accidentally.
Data is stored in AWS and encrypted at rest using industry-standard AES-GCM encryption.
How are vault secrets stored in Control Room?
Control Room Vault employs multiple techniques to ensure the confidentiality of its contents. At its core, Vault encrypts the contained secrets using AES-256 in Galois/Counter Mode (GCM). Each secret is encrypted with a data key that is unique for the specific secret. The data key is further encrypted with a master key, and the encrypted secret and encrypted data key are stored in a database. This design is commonly referred to as envelope encryption.
The master key is managed and protected by AWS-specific means (KMS), and it is never accessible in plaintext format by the Vault application. Decryption happens only on demand: for example, when opening an individual secret in the Control Room Vault web interface or when requested by a digital runtime environment. All data is encrypted in transit using TLS.
Secret payloads are encrypted with an ephemeral key to ensure the requested secret can be opened only by the intended recipient.
Control Room Vault is designed to provide a balance of solid security and convenience. We are confident in the design and are happy to discuss and address any further questions. However, please always consult with your organization’s security team to evaluate the suitability of Control Room Vault for your specific use case.
Keep in mind that anyone in your organization with access to a shared or private workspace can view the secrets stored in the Vault of that workspace.