What problem are you observing?
When a SaaS connector is configured to take inputs from a Card List, secret fields defined within that Card List remain encrypted at runtime. In contrast, secret fields defined elsewhere in the connector configuration are decrypted as expected and resolved to plaintext values in logs.
What is the correct behavior?
All secret fields, including those supplied through Card List inputs, should be decrypted at runtime and resolved to plaintext values, consistent with other secret fields in the connector. This would allow Card List secrets to be used for authentication and other runtime operations.
What product feature is this related to?
SailPoint Identity Security Cloud
SaaS connector framework
What are the steps to reproduce the issue?
- Create a Card List with multiple attributes that includes a secret field.
- Configure a SaaS connector to accept this Card List as an input.
- Execute the connector at runtime and inspect input values (e.g., via logging).
- Observe that Card List secret field values remain encrypted while other connector secret fields are decrypted.
Do you have any other information about your environment that may help?
Secret fields defined outside of Card Lists are decrypted correctly at runtime. The issue appears to be specific to how secrets originating from Card List inputs are resolved or decrypted.