There currently is no mechanism to secure data in an HTTP request. If you put sensitive information in the headers, like secrets and tokens, it will be output to the logs. You will need to consider your risk tolerance before adding secrets to your HTTP requests. We are planning on adding secrets management to a future version of Workflows.
Is this still valid?
It is mentioned in HTTP Request Action Workflow - IdentityNow (IDN) / Discussion and Questions - SailPoint Developer Community Forum
Welcome to the developer community Ajay.
Thank you for bringing this up. The HTTP Request action received a major update a few months back that introduced secrets management. Therefore, the issue referenced in that post is no longer valid. HTTP Request can now secure credentials from being output in scripts and logs.
Thanks for the info.
Can you tell me where is the doc that shows this?
I have an HTTP Request Action on Workflow and I just got it working filling my login data in body request as plain… if I can transform this into a secret I wanna learn how
Hey I don’t know if this link have the correct information that I’m looking… What I need is a vault to store my username and password and get them into HTTP Request Action body as post them as JSON
Ah, I see. So workflows doesn’t have a secrets vault for arbitrary data. The secrets are only applied when you select one of the authentication methods in the HTTP Request action. But I do think this is a great idea. Can you submit and idea for it?
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.