Showing results for 
Search instead for 
Did you mean: 
Helper II
Helper II

PCF external services API Key/Secrets security

Hi All,


*apologies if this has been discussed already*


We've seen a few PCF controls that utilise extrernal services and APIs. Skimming through some of these controls it seems like the apporach tends to be via a config parameter that takes a key/secret/url or embedded in the .ts file directly.

This is obviously a concern from a security point of view as the key could be easily accessed via developer tools or the custom control configuration. My questions:

  • Is there a better approach to defining and storing keys/secrets for PCFs?
  • Could we maybe have a secure property type that can handle this? (totally open to other suggestions btw)

Some other ideas that went through my head:

  • config entity that is queried - but this tightly couples a control to an entity
  • storing in keyvault - but this is subject to the same secret config issue and may have a performance impact





You don't have to hard code the key. You could use the PlugIn "Secure Configuration" to store the key.

Kind regards,
Please click "Accept as Solution" if my post answered your question so that others may find it more quickly. If you found this post helpful consider giving it a "Thumbs Up."

I agree.

That's what even I was suggesting to use configuration part for. 

Helpful resources

PA_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

PowerPlatform 768x460.png

Microsoft Learn

Check out our new Discover Your Career Path blog post series and get all the details.

Users online (1,536)