Protecting Sensitive Data in Logic Apps with Secure Inputs and Outputs
Enable Secure Inputs and Outputs
Security is essential and when using Logic Apps, ensuring the safety of your inputs and outputs is equally critical. Without proper security, anyone with access to your run history could peek into sensitive information like passwords, tokens, or private details.
Thankfully, Logic Apps provides Secure Inputs and Secure Outputs options to help mask sensitive data in the run history.
Why does this matter?
By default, Logic App run history stores input and output details for every action. While this is useful for debugging while we are in dev, it can expose sensitive data like passwords, API keys, or secrets.
Imagine a Logic App that processes user payment details. It retrieves sensitive information like credit card numbers, expiration dates, or transaction tokens to complete a payment. Now, what if someone could open the workflow history and see every single one of those details?
With Secure Inputs, you can mask the input payload containing credit card information. With Secure Outputs, you can ensure the response, such as transaction IDs or tokens, remains hidden from the logs.
Enabling Secure Inputs and Secure Outputs ensures this sensitive data remains hidden, even in run logs.
Some considerations to know when using this feature:
The secured data isn’t sent to Azure Log Analytics or included in the workflow history API responses.
Tracked properties can’t be added to the secured trigger or action.
To secure outputs from an action that obscures inputs or explicitly obscures outputs, manually turn on Secure Outputs in that action.
Ensure Secure Inputs or Secure Outputs is enabled for downstream actions if you want to obscure sensitive data in the run history.
How to Enable Secure Inputs and Outputs from the Designer
1. Open your Logic App in the Azure portal.
2. Navigate to the specific action or trigger you want to secure.
3. Expand the Settings section of the action.
4. Toggle Secure Inputs and Secure Outputs to "On."
5. Click Done to save your settings.
When you run the workflow or when triggered, this is what you get in the Run History:
You can also do this in the code view:
Securing Inputs and Outputs offers additional benefits, particularly in ensuring compliance:
Minimizes the risk of exposing confidential information during audits or troubleshooting.
Supports adherence to data protection regulations such as GDPR and HIPAA.
By implementing this practice, you make your Logic App solutions both robust and secure!
That’s all for today. See you in the next one.