Applies to Product – Power Automate
What’s happening?
The customer needs to confirm whether the direct encrypted text input in the Populate text field on a web page action in Power Automate Desktop is equivalent to or higher than AES256 encryption.
Reason:
The direct encrypted input utilizes the Windows Data Protection API (DPAPI), which is part of the operating system. This ensures that the encrypted text can be read on the specific machine and under the same user account that was originally encrypted. However, it is noted that this method is not necessarily equivalent to AES256 encryption, as it does not specify the exact encryption algorithm employed.
Resolution:
- The direct encrypted input in Power Automate is designed to manage sensitive data, such as passwords, by encrypting it to ensure security and prevent exposure in logs or during transmission.
- For further information regarding the encryption method, refer to the documentation on the Windows Data Protection API (DPAPI) available at Microsoft Documentation.
- If additional validation is required regarding the encryption level, it is recommended to raise an inquiry with the product group for confirmation.
