- Overview
- UiPath CLI
- About UiPath CLI
- Downloading UiPath CLI
- Compatibility matrix
- Running UiPath CLI
- Managing NuGet feeds
- Test Manager Support
- Packing projects into a package
- Signing project packages
- Analyzing a project
- Deploying a package to Orchestrator
- Running a job inside Orchestrator
- Testing a package or running a test set
- Testing multiple packages
- Deploying assets to Orchestrator
- Deleting assets from Orchestrator
- Running tasks using JSON configuration
- Restoring automation dependencies
- Troubleshooting UiPath CLI
- Azure DevOps extension
- Jenkins plugin
CI/CD integrations user guide
Authentication and Scopes
All Solution commands require authentication through an External Application configured in Orchestrator. Unlike standalone project tasks, solutions do not support machine or interactive authentication methods.
Authentication requirements
Solutions commands authenticate exclusively via OAuth2 with External Apps.
You must configure an External Application in Orchestrator Admin with the appropriate scopes before running any Solution CLI commands.
Required OAuth scopes
Solutions use a dedicated set of application scopes that differ from standard Orchestrator scopes. Configure your External App with the following scopes for all Solution operations:
Copy-paste format for CI/CD secrets:
AutomationSolutions Solutions.Deployments Solutions.Deployments.Read Solutions.Deployments.Write Solutions.Packages Solutions.Packages.Read Solutions.Packages.Write
AutomationSolutions Solutions.Deployments Solutions.Deployments.Read Solutions.Deployments.Write Solutions.Packages Solutions.Packages.Read Solutions.Packages.Write
This single-line, space-separated format can be directly used in:
- Azure DevOps Variable Groups
- GitHub Repository Secrets
- Jenkins Credentials Store
Note: The following operations do not require authentication as they run locally:
restore- Restores dependencies locallyanalyze- Validates projects locallypack- Creates packages locally
Common authentication parameters
All Solution commands that interact with Orchestrator require these parameters. You can use either the short form or the long form (alternative) for each:
| Short form | Long form (alternative) | Description | Example |
|---|---|---|---|
-U | N/A | Orchestrator URL | See Orchestrator URL below |
-T | N/A | Orchestrator tenant name | DefaultTenant |
-A | --accountForApp | Organization (account) name | myorg |
-I | --applicationId | External App ID | 12345678-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
-S | --applicationSecret | External App secret | **** (keep secure) |
--applicationScope | N/A | Scope list (see above) | Above |
--traceLevel | N/A | Logging level | Information, Verbose, Warning |
Example with long-form parameters:
uipcli solution upload-package ./packages/MySolution.1.0.0.zip \
-U https://cloud.uipath.com/ \
-T DefaultTenant \
--accountForApp myorg \
--applicationId 12345678-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--applicationSecret **** \
--applicationScope "AutomationSolutions Solutions.Packages Solutions.Packages.Write"
uipcli solution upload-package ./packages/MySolution.1.0.0.zip \
-U https://cloud.uipath.com/ \
-T DefaultTenant \
--accountForApp myorg \
--applicationId 12345678-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--applicationSecret **** \
--applicationScope "AutomationSolutions Solutions.Packages Solutions.Packages.Write"
Orchestrator URL
Use the base URL only for the Orchestrator instance. Do not include organization, tenant, or path segments (for example, do not use https://cloud.uipath.com/myorg/DefaultTenant/orchestrator_). Organization and tenant are passed separately with -A and -T.
- UiPath Automation Cloud: Use the cloud base URL (for example
https://cloud.uipath.com/orhttps://staging.uipath.com/). - Automation Suite (on-premises or private cloud): Use the base URL of your Automation Suite instance (for example
https://uipath.yourcompany.com/). The URL is the same as for package commands. Only the base address of your Orchestrator (or Automation Suite) differs from the public cloud.
When using external application authentication without specifying the --applicationScope parameter, the CLI automatically applies the required scopes for Solution commands.
Setting up an External Application
To create an External Application for Solutions:
- Log in to Orchestrator as an Administrator.
- Navigate to Admin → External Applications.
- Click Add Application.
- Provide a name (e.g.,
CI-CD-Solutions). - Select Confidential application as the Application Type.
- Add the required scopes listed above.
- Copy the Application ID and Secret and store them securely in your CI/CD secret manager.
For detailed instructions on configuring external applications, see Managing external OAuth applications.
Using custom Orchestrator feeds
When using custom activity feeds from Orchestrator during restore operations, use these alternative parameters:
| Standard Parameter | Custom Feed Parameter |
|---|---|
--applicationScope | --libraryOrchestratorApplicationScope |
-T (tenant) | --libraryOrchestratorTenant |
-U (URL) | --libraryOrchestratorUrl |
| (folder) | --libraryOrchestratorFolder |
Example:
uipcli solution restore <solution-path> \
-A myorg \
-I 12345678-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
-S **** \
--libraryOrchestratorApplicationScope "OR.Folders OR.Settings.Read" \
--libraryOrchestratorTenant DefaultTenant \
--libraryOrchestratorUrl https://cloud.uipath.com/ \
--libraryOrchestratorFolder MyFolder
uipcli solution restore <solution-path> \
-A myorg \
-I 12345678-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
-S **** \
--libraryOrchestratorApplicationScope "OR.Folders OR.Settings.Read" \
--libraryOrchestratorTenant DefaultTenant \
--libraryOrchestratorUrl https://cloud.uipath.com/ \
--libraryOrchestratorFolder MyFolder
Security best practices
- Never hardcode secrets in pipeline YAML or scripts.
- Use your CI/CD platform's secret management:
- Azure DevOps: Variable Groups with Secret variables.
- GitHub Actions: Repository or Organization Secrets.
- Jenkins: Credentials Store.
- Rotate External App secrets regularly.
- Use separate External Apps for different environments (Dev, Test, Prod).
- Apply least-privilege scopes - only grant what's needed for each pipeline.