Hi everyone,
I’m working on a project using Power Automate Desktop (PAD) where certain actions require storing credentials in variables (to log into servers and applications).
My client is concerned about whether passwords or sensitive values stored in PAD variables are secure and cannot be leaked or accessed by unauthorized parties.
My current flow in development is set to read sensitive data stored in client Password Database Website and store extracted HTML data (Password) as variables in PAD.
Could someone help clarify any of the following?
- How does Power Automate Desktop protect sensitive variables at runtime and at rest?
- Are password variables encrypted in the flow files or on the machine?
- Can other users or processes access these variables?
- Other that flow action log, what other evidence can I bring forward to my client to show that data stored as variables in PAD are removed after the flow ended?
I’d like to give my client a clear explanation (or official Microsoft documentation, if available) that demonstrates these credentials are protected.
Thanks in advance!

Report
All responses (
Answers (