cancel
Showing results for 
Search instead for 
Did you mean: 

Protect Secrets in Power Automate

Today:

  • "Secrets" such as usernames, passwords, clientIDs, clientSecrets, etc. are often required when using HTTP actions in Power Automate
  • These secrets may be embedded in plaintext in headers, urls or Request bodies
  • When you share a Flow, you share these plaintext values
  • Not everyone understands how to sanitize things before sharing or exporting
  • This is insecure

Proposed:

  • Add an "Initialize Secret" action to Power Automate where these types of secrets can be stored within a Flow
  • Only allow access to the plaintext of this action by password (or some other method of authorization)

Please consider hardening Power Automate with this type of action. 
Thank you

Status: New