Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
10,800 questions
Azure Data Factory, SecureString parameter printed out in plain text in debug monitoring logs
Agelin, Jakob
16
Reputation points
I have a Web Activity with secure input/output set to true.
I have an Execute Pipeline Activity that references a pipeline with a secureString parameter.
I provide this @activity('get_token').output.value as the secureString parameter value inside the Execute Pipeline Activity.
In the logs, I can see the token printed out in plain text. Is this a feature, or a bug?
{count} votes
-
Michael John Pena 165 Reputation points MVP2024-01-05T11:26:44.3366667+00:00 Are you using Git mode? I had an experience in the past where the secured value turns to plain text when retrieving from keyvault.
-
Agelin, Jakob 16 Reputation points
2024-01-05T11:55:31.0033333+00:00 Yes, git mode. Are you saying that if I could provide a dummy default value, it would work, but git mode prevents any default values from being stored?
-
Agelin, Jakob 16 Reputation points
2024-01-05T13:00:55.83+00:00 It's just not reasonable to me that I can set the output of an activity to secure, redacting it, then using that output as an input parameter set to securestring, but the input is printed out in plain text when debugging.
-
AnnuKumari-MSFT 33,241 Reputation points Microsoft Employee2024-01-08T05:27:01.3033333+00:00 Hi Agelin, Jakob ,
Thankyou for raising your query on Microsoft Q&A platform . I have taken your query forward to the internal team . I will keep you posted once I hear back from them. Thankyou
-
AnnuKumari-MSFT 33,241 Reputation points Microsoft Employee
2024-02-22T09:10:44.9666667+00:00 Hi Agelin, Jakob ,
Below is the response from the internal team
"If passing securestring, recommendation is to set secure input/ output in all activities that are referring to the parameter. That's the very reason of secure input/ output in downstream activities.
The current observation is by design and is not a bug. User otherwise will not be able to see the value passed through the web activity which may be needed for debugging if the need be. "
Hope it helps. Thanks
Sign in to comment
Sign in to answer