Sometimes, your Power Automate flow will need to handle sensitive information. To prevent misuse, this information shouldn’t be exposed in the flow’s run history. A simple control is to activate the Power Automate secure inputs and outputs settings for the relevant actions.
By activating these settings, you can ensure data such as URLs, IDs, secrets, passwords, or PII remains hidden from view. Let’s explore how to set this up and the appearance of the results.
Scenario
I have a Power Automate flow that gets a SharePoint list item, then emails the list ID of the item to a user. The flow uses data source environment variables to know what site and list to interact with. You can find out more about these environment variable types here.
The flow has a series of ‘run only’ users. They’ll be able to run the flow but not edit or modify it in any way. However, they’ll have access to the run history and be able to see the SharePoint site/list URLs. They’ll also see the properties for the retrieved item which could contain sensitive information.
Here is the initial flow configuration:
Testing the flow without secure inputs & outputs activated, ALL underlying data will be visible for a successful flow:
Any actions referencing the Get items action will also have any information exposed in the run history:
Secure Inputs setting
To enable Power Automate secure inputs, click the ellipsis for the relevant action and select Settings:
Turn on Secure Inputs:
Make sure to click Done at the bottom for the change to take effect. The action will now have a padlock icon to indicate the setting is active:
When the flow runs now, the Inputs for the relevant action are masked:
What’s also great is that any subsequent actions that refer to the initial action also have their inputs masked:
If you’re using the new designer for Power Automate, settings are accessible when configuring an action:
Secure Outputs setting
In the same way as above, we can access the Settings area for an action and enable Secure Outputs:
When the flow runs, outputs are masked in the run history:
Again, subsequent action(s) referring to an action with secure outputs will also have their inputs masked.
Secure Inputs and Outputs
Some actions in Power Automate will allow for both settings to be active. The Get Items action for SharePoint is one such action; there are plenty of others too:
As you’d expect, both the Inputs and Outputs are then masked in the run history when enabled:
Referencing dynamic content from secure outputs
If secure outputs are active, you’ll notice a slight change in the designer when referencing dynamic content for future actions.
Below, I have secure outputs active on a Get Items action. When trying to reference dynamic content, the padlock icon is next to each value I can use:
In the new design experience, the icon simply appears next to the header for each set of dynamic content:
If you’re referencing an action with only secure inputs being active, you won’t see any change.
Things to note
There are a couple of key things to note when working with Power Automate secure inputs and outputs:
1- Not all actions have both options.
Some actions may only allow you to enable secure inputs. Others may only allow secure outputs. It will vary from connector to connector, action to action.
2- It’s not retrospective.
If you’ve read this article and thought “oh shoot, I better go and enable this right now”, be mindful it’s not retrospective. Flows will only mask inputs and/or outputs after the setting(s) are active. Accessing any flow runs from before the change will still show all inputs and outputs.
3- Define inputs and outputs before you build.
Try to identify what (if any) sensitive information your flow will process before you start building. Scoping out what actions you’ll need, and how the data will be processed and viewed, will be key.
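The following added example (not from the original article) audits an exported flow definition for actions that lack the secure inputs or secure outputs settings described above. It assumes the definition follows the Logic Apps workflow definition shape, where the toggles appear per action under `runtimeConfiguration.secureData.properties`; the sample definition and its action names are constructed.

```python
import json

# Constructed sample: a trimmed flow definition. Assumption: the designer's
# Secure Inputs / Secure Outputs toggles are stored per action under
# runtimeConfiguration.secureData.properties (Logic Apps definition shape).
SAMPLE_DEFINITION = json.loads("""
{"actions": {
  "Get_items": {"type": "OpenApiConnection",
    "runtimeConfiguration": {"secureData": {"properties": ["inputs", "outputs"]}}},
  "Scope_notify": {"type": "Scope", "actions": {
    "Send_an_email": {"type": "OpenApiConnection",
      "runtimeConfiguration": {"secureData": {"properties": ["inputs"]}}},
    "Get_secret": {"type": "OpenApiConnection"}}}
}}
""")

# Action types that only group other actions and carry no data of their own.
CONTAINER_TYPES = {"scope", "if", "foreach", "until", "switch"}

def walk_actions(actions, path=""):
    """Yield (path, action) for every action, descending into containers."""
    for name, action in (actions or {}).items():
        here = f"{path}/{name}" if path else name
        yield here, action
        yield from walk_actions(action.get("actions"), here)
        yield from walk_actions((action.get("else") or {}).get("actions"), here + "/else")
        for case, body in (action.get("cases") or {}).items():
            yield from walk_actions(body.get("actions"), f"{here}/{case}")
        yield from walk_actions((action.get("default") or {}).get("actions"), here + "/default")

def audit_secure_data(definition):
    """Return {action path: sorted settings NOT enabled} for non-container actions."""
    gaps = {}
    for path, action in walk_actions(definition.get("actions")):
        if action.get("type", "").lower() in CONTAINER_TYPES:
            continue
        cfg = action.get("runtimeConfiguration") or {}
        enabled = set((cfg.get("secureData") or {}).get("properties") or [])
        missing = sorted({"inputs", "outputs"} - enabled)
        if missing:
            gaps[path] = missing
    return gaps

if __name__ == "__main__":
    for path, missing in audit_secure_data(SAMPLE_DEFINITION).items():
        print(f"{path}: secure {' and '.join(missing)} not enabled")
```

Because not all actions offer both options, treat each reported gap as a prompt to review that action rather than as a confirmed misconfiguration.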
The Power Automate secure inputs and outputs settings are really easy to set up, but also incredibly valuable. Make sure your sensitive information is protected at all times.
Very Insightful and useful refresher. Thanks for sharing.
Who can see the secured input/output? Admin or Flow Owners etc.?
Is there any way we can prevent who can switch this feature off and avoid breaching the privacy?
Hi! As far as I know, no one can see the secure inputs or outputs unless they’re sent to another source (i.e. to an email recipient). The only people who can turn secure inputs/outputs on or off will be the original flow owner (creator) or anyone they assign co-ownership to. Run only users won’t have the ability.
Combining secure input with Azure Key Vault > Get Secret (https://learn.microsoft.com/en-us/connectors/keyvault/#get-secret) is the way to go to securing your script!