Highlight

Secrets should remain secret, but they are not by default.

Intro

If you ever developed any integration using Azure logic apps, you probably appreciate how easy is it to debug your workflows using visual designer. Everything is clear and well laid out, every action can be reviewed with all input and output parameters. It’s trully a fantastic way to build solutions.

Problem Statement

But, have you ever built a workflow which requires you to connect to key vault to grab a secret key, or some external API to generate some sort of API key, or maybe you needed to add a secret parameter. If you ever did that, then you know all these secrets will be visible in those logs that we all priase so much.

So what now?

Solution

There is a feature called Secure Inputs and Secure Outputs which is available on almost any action in Logic Apps. It’s pretty neat. The way it works is that it hides the values from the logic app run history.

How it works?

If you want to hide for example a secret value you retreived from the key vault, you just mark the action with Secure Outputs and it will take for you all of that.

The coolest thing is that every action which takes as an input, a value from a previously secured output. It will automatically get marked as secure input. Hence the value will not be shown in all dependant actions. Although, you use it in expression, it’s stil possible you will see it.

Need extra info? Read more.

If you want to learn more about how it work, feel free to read it here.

Summary

Secrets should never be exposed, under any circumstances. Whether that’s CICD logs, log analytics diagnostic or app logs, or just azure portal UI & logs. Secrets should always remain as the name suggests, a secret. This feature will allow you to achieve that.

Adam Marczak

Programmer, architect, trainer, blogger, evangelist are just a few of my titles. What I really am, is a passionate technology enthusiast. I take great pleasure in learning new technologies and finding ways in which this can aid people every day. My latest passion is running an Azure 4 Everyone YouTube channel, where I show that Azure really is for everyone!

Did you enjoy the article?

Share it!

More tagged posts