Quick Tip: Using Encrypted Variables in Orchestrator

Orchestrator 2012 introduced the capability to define a global Variable as encrypted. This now allowed admins to use variables to store passwords instead of typing them into lots of different places in runbooks. But if the variable is encrypted, how does it then un-encrypt the value to be used within activities? And, does the un-encryption happen for all the places where I might use the variable?

The quick answer is that encrypted variables are usable (unencrypted) in property fields that are designed to store encrypted data like passwords. This goes for all properties in activities where the text doesn’t display (like password properties), and also one special field – the script body of a Run .NET Script activity! That’s right, whenever you use an encrypted variable value in the body of the script in a Run .NET Script Activity, it gets automatically decrypted by the system so that you can use it correctly in your script. This is also why we decided to stop putting the body of the script in the published data (to protect against displaying passwords).

So, the next time you need to use a password in an activity, remember encrypted variables and stop typing the passwords over and over into individual activities. Until next time!