I have written an ABX that can retrieve secrets from our internal secrets manager for real-time use by other VRA/VRO workflows. Everything works fine, except VRA writes the ABX output which contains the full credentials to the log files, which subsequently gets stored in Log Insight in plain text.
Is there any way to suppress the writing of ABX outputs to the log stream?
Edit: VRA 8.6.2 currently, will update to 8.8.x or possibly 8.10.x in Q1
why don't you gather those credentials in vro directly?
Can you elaborate? If you mean add and manage the secrets in VRO, that is what we are trying to avoid, maintaining secrets in places outside of our existing password vault and having to update them in multiple places when they are rotated.
I mean rewriting the method you implemented by ABX in vRO.
Does this fix the problem? Does VRO not log any output of workflow actions? I would assume it still logs them for troubleshooting purposes.
It does not log variables. You can check workflow runs and examine variable values, but this is stored in DB only and Secure Strings are masked.
You can exclude those logs from vRLI perspective as well at that time of injection