A first look at the Logic Apps obfuscation feature!

Logic Apps don’t have explicit release notes, so sometimes new features pop-up by surprise.  This was the case today, when I discovered the highly requested obfuscation feature.  The idea behind this feature is that sensitive data is not shown in the monitoring view.  This feature is still in preview at the time of writing.  Let’s have a closer look!

The configuration

In a previous post about the Key Vault connector, I complained about the lack of obfuscation.  That’s why I want to take this as an example.

  • A simple request/response Logic App that gets the value of a secret.

ob1

  • You see that the secret value is visible in the outputs, which is not desired.

ob2

  • With the new security feature (available in the Settings), you can choose to secure the inputs and / or outputs.

ob3

  • The “lock” icon shows that the obfuscation is enabled.

ob4

  • If you use an obfuscated value in subsequent actions, the “lock” icon is still visible.

ob5

The run history

  • In the run history, the outputs of the Key Vault action are not visible.

ob6

  • The inputs / outputs of depending actions are also obfuscated.

ob7

  • There seems to be a small bug.  In case the inputs of an action are secured, and you only use the outputs of that action in subsequent ones, then the subsequent action is obfuscated too.

ob8

Conclusion

Very nice feature!  It works really well and is easy to understand.  The scope of the obfuscation feels too big for me.  In most scenarios, you just want to obfuscate a single HTTP header or a single property in the HTTP body.  Would be great if this becomes available as advanced setting in the future.

Cheers,
Toon

ABOUT

MEET THE YOUR AZURE COACH TEAM

Your Azure Coach is specialized in organizing Azure trainings that are infused with real-life experience. All our coaches are active consultants, who are very passionate and who love to share their Azure expertise with you.