How to hide sensitive data in the debugger in live mode

Hi all,

I have an API call containing the ClientID and ClientSecret of my app. I trigger this API call in a workflow on multiple pages. I’ve noticed that when running the debugger (by adding “?debug_mode=true”), I can access these values of “ClientID and ClientSecret” by running the debugger in step-by-step mode. I have to set “ClientID and ClientSecret” as parameters of my API call because they depend on the environment (test or live). I check if “version-test” is in the URL and then set a custom state for “ClientID and ClientSecret”. I then pass them to the API call.

I don’t want them to be accessible from the debugger… Is there a way to hide some values in the debugger? How do you handle environment variables in a proper way?

Many thanks!

A few basic things …

  • set the ClientID and ClientSecret as “private” in the API connector (the checkbox)
  • and/or run the action on a Backend workflow


And read the manual https://manual.bubble.io/help-guides/integrations/api/the-api-connector/authentication

Good luck 🙂

1 Like

Thanks for your answer.

If I set ClientID and ClientSecret as Private I can’t use them anymore as parameters in the API call. It seems like the best solution is to find a workaround with a backend workflow.

There is some subtlety, a next level answer … if you are trying to pass credentials as arguments. (and you should understand the privacy rule side of things in any case)

Use privacy rules to ensure that these credentials are not available to the users who you don’t want to see these credentials. And also use a Backend workflow.

Note that these credentials will appear in Bubble logs, when passed as arguments.

1 Like

I think I will use only backend workflows and pass only one argument “is_test=yes/no” from the front to the back. The backend workflow should be able to retrieve all the credentials thanks to privacy rules. Sounds like the most secure way.

1 Like
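
The two patterns discussed in this thread, side by side, as an added illustration that is not part of any post and is not Bubble code. It is a plain Python model in which the runner, the log, the function names and the placeholder credentials are all assumptions; it shows why credentials passed as workflow arguments end up in the log while a flag-only call keeps them on the server side.

```python
import json

# Constructed placeholder credentials. In a real deployment these sit in a
# server-side store protected by access rules, never in page state.
SERVER_SIDE_SECRETS = {
    "test": {"client_id": "test-id-PLACEHOLDER", "client_secret": "test-secret-PLACEHOLDER"},
    "live": {"client_id": "live-id-PLACEHOLDER", "client_secret": "live-secret-PLACEHOLDER"},
}

WORKFLOW_LOG = []  # hypothetical stand-in for the platform's workflow log


def run_backend_workflow(name, handler, **arguments):
    """Hypothetical runner: records the arguments it was given, then runs the handler."""
    WORKFLOW_LOG.append(json.dumps({"workflow": name, "arguments": arguments}))
    return handler(**arguments)


def call_api_with_credentials_as_arguments(client_id, client_secret):
    """First pattern: the caller supplies the credentials as arguments."""
    authorization = f"{client_id}:{client_secret}"  # used for the outbound call only
    return {"status": "ok", "authenticated": bool(authorization)}


def call_api_with_flag(is_test):
    """Second pattern: only the environment flag crosses the boundary."""
    if not isinstance(is_test, bool):
        raise ValueError("is_test must be a boolean")
    environment = "test" if is_test else "live"
    creds = SERVER_SIDE_SECRETS[environment]  # resolved on the server side
    authorization = f"{creds['client_id']}:{creds['client_secret']}"
    # Only the outcome is returned, so the secret never reaches the caller.
    return {"status": "ok", "authenticated": bool(authorization), "environment": environment}


def secrets_in_log():
    """Return every known client secret that appears anywhere in the log."""
    known = [c["client_secret"] for c in SERVER_SIDE_SECRETS.values()]
    return [value for value in known if any(value in line for line in WORKFLOW_LOG)]


if __name__ == "__main__":
    run_backend_workflow("flag_only", call_api_with_flag, is_test=True)
    print("after flag-only call:", secrets_in_log())
    run_backend_workflow("creds_as_args", call_api_with_credentials_as_arguments,
                         **SERVER_SIDE_SECRETS["test"])
    print("after credentials-as-arguments call:", secrets_in_log())
```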