A first look at the Logic Apps obfuscation feature!

Logic Apps don’t have explicit release notes, so sometimes new features pop-up by surprise.  This was the case today, when I discovered the highly requested obfuscation feature.  The idea behind this feature is that sensitive data is not shown in the monitoring view.  This feature is still in preview at the time of writing.  Let’s have a closer look!

The configuration

In a previous post about the Key Vault connector, I complained about the lack of obfuscation.  That’s why I want to take this as an example.

  • A simple request/response Logic App that gets the value of a secret.


  • You see that the secret value is visible in the outputs, which is not desired.


  • With the new security feature (available in the Settings), you can choose to secure the inputs and / or outputs.


  • The “lock” icon shows that the obfuscation is enabled.


  • If you use an obfuscated value in subsequent actions, the “lock” icon is still visible.


The run history

  • In the run history, the outputs of the Key Vault action are not visible.


  • The inputs / outputs of depending actions are also obfuscated.


  • There seems to be a small bug.  In case the inputs of an action are secured, and you only use the outputs of that action in subsequent ones, then the subsequent action is obfuscated too.



Very nice feature!  It works really well and is easy to understand.  The scope of the obfuscation feels too big for me.  In most scenarios, you just want to obfuscate a single HTTP header or a single property in the HTTP body.  Would be great if this becomes available as advanced setting in the future.


About me

Hi! I’m Toon Vanhoutte, a hands-on Azure architect – based in Belgium – with a big passion for teaching and helping people out. I’m happy to assist you during your Azure journey with high-quality advisory and I would love to teach you Azure’s possibilities via my tailored training courses.

Subscribe to the blog