Can you keep a secret? Have you tried using Azure Key Vault with Power Automate? here is an overview of the Azure Key Vault connector.
The Azure Key Vault
I’ve create an Azure Key vault to keep hold of my secrets.
The Azure Key Vault Connector
There are 4 actions that will list information from the Azure Key Vault
- List keys
- list secrets
- List Secret versions
- List key version
When you add these action to your flow you will soon see … well, not very much. A greyed out Sign in button and a Vault name
Once you have supplied a Vault name, the sing in button will enable itself.
And when we run these actions the secrets and the keys are returned.
But most likely we would want the actual secret information behind each secret. We will need to use another item for this.
The Get Secret action will get the details of the secrets.
When we run this flow, we will get the actual secret information from the Key Vault.
How often do you use settings inside a flow? The Key Vault might quite well be a good place to store some of your flow settings. So often settings are stored in SharePoint, while really these settings aren’t anything that you want to share.
Wait a moment, but the flow run is now sharing my secret! That is easily solved. You could now secure the output from the above action, using the secure your input and output in flows setting.
Decrypt and Encrypt data
The next two actions to look at are the Decrypt data with key and the Encrypt data with key.
And when you try these options you will get the following message:
Operation failed because client does not have permission to perform the operation on the key vault. Please check your permissions in the key vault access policies.
that is a bit annoying!
The way to solve this tick the boxes for Decrypt and Encrypt in the Access Policies in your Vault.
Once you’ve done this, problem solved and you can encrypt and desrypt your data using the Key Vault
Now if you combine these actions you can collect the Secrets and keys and use them within flows, however there is no create a secret action in flow. There is however an option to do this from Powershell.