I am using a config document in my flow, in which I have made password field’s “String Display Type” to Password. But in pipeline during debug it is showing in plain text. This way anyone can see the admin password with debugging this flow.
I have used “String Display Type” to Password in Input parameters before, and it works fine when user enter password. But here when reading a system file and assigning value to a doc with display type password, it showing as plain text.
please provide us some screenshots showing the different docs with the configurations for the fields.
This will make it easier for us to analyse this.
Just some questions:
Why do you need to debug this service with Admins password being present in the pipeline?
Or why not using a new specialised user instead of Admin user?
Hi @Holger_von_Thomsen,
Please see the screenshot. Here during debug I can see the value in passphrase variable just like other variables, despite having the String Display Type set to Password.
For you other question, I just posed question for prod scenario. I can use the test service account credential here, but problem here is password is exposed, regardless which account I’m using.
still wondering why you want to debug services like this in production.
Usually after all was tested correctly and deployed to prod there should be no need to debug services there.
They should be invoked automatically when a message is received by WS Call or Adapter Notification or some other triggers.
I think either they have a production only problem or they want to prevent this password to be peaked by using debug mechanism. I am also not clear on why part though. If someone has necessary permissions to debug this service then seeing this password shouldn’t be a problem. If they have a production only problem again, seeing this password is not the actual issue. If it is logged somewhere, then why not mask it there completely?
