Create Key Container Action



See Also

Create Key Container-Setting Properties, Delete Key Container Action, Generate Key Files Action, Sign Action, Verify Action


Creates new Machine-Level or User-Level Key Container. A Key container is a part of the key database in Windows that contains all the key pairs (public and private keys) belonging to a specific user or machine.

Practical Usage

Creates a new user or machine level key container and used to encrypt and decrypt information for applications that run under the specific user or machine identity. Other AutoMate cryptography actions (i.e. Encrypt, Sign, Verify actions) can be used in subsequent steps allowing the procedure of encrypting and decrypting files to be fully automated.


General Tab

Key Container Name

Text, Required

Specifies the name of the key container to be created. You must select the key container by clicking on Select Key Container button.

Key Container Level

Text [Options], optional default is "USER"

Specifies whether the new key container should be set to user level or machine level. Microsoft Windows makes machine-level key containers available to all users, whereas a user-level key container is available only to the user that created (or imported) the key container. The available options are:

More details regarding Machine-Level and User-Level RSA Key Containers can be found below under the Notes, section.

Key Size

Number, Required - default is 2048


Indicates the size or length of the key (in bits) used in a cryptographic algorithm. AutoMate uses standardized key sizes based on the asymmetric (RSA) system. The available options are:

NOTE: The amount of time it takes to generate a key container is dependant on the key size selected.


Comparing Machine-Level and User-Level RSA Key Containers

User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and decrypt information for applications that run under that specific user identity. User-level RSA key containers can be useful if you want to ensure that the RSA key information is removed when the Windows user profile is removed. However, because you must be logged in with the specific user account that makes use of the user-level RSA key container in order to encrypt or decrypt protected configuration sections, they are inconvenient to use.

Machine-level RSA key containers are available to all users that can log in to a computer, by default, and are the most useful as you can use them to encrypt or decrypt protected configuration sections while logged in with an administrator account. A machine-level RSA key container can be used to protect information for a single application, all the applications on a server, or a group of applications on a server that run under the same user identity. Although machine-level RSA key containers are available to all users, they can be secured with NTFS Access Control Lists (ACLs) so that only required users can access them.


Custom Description

This action includes the Description tab for entering a custom step description.

More on setting custom step description

Standard Error Handling Options

This action also includes the standard Error Causes and On Error failure handling options/tabs.

More on Error Handling Options

Variables and Expressions

All text fields allow the use of expressions, which can be entered by surrounding the expression in percentage signs (example: %MYVARIABLE%, %Left('Text',2)%). To help construct these expressions, you can open Expression Builder from these fields by pressing F2.

More on variables
More on expressions

More on the expression builder


NOTE: The code below can be copied and pasted directly into the Steps pane of the Task Builder.

Example 1 - Create USER Level Key Container


Example 2 - Create MACHINE Level Key Container