web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro
Introducing our New Video Series: Community Spotlight
News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / What is the best way t...
Small and medium business | Business Central, N...
Answered

What is the best way to store secrets in Business Central?

(7) ShareShare
ReportReport
Posted on by Fatou Kiné 45
We want to store an azure client secret to be used in a code unit to generate JWT tokens for sending HTTP requests.
 
We have explored the key vault option but we are using business central online with a Per-Tenant Extension which does not seam to support key vault integration (https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/setup-app-key-vault).
 
Which other secure options do we have to achieve this?
Categories:
Dynamics 365 Business Central
I have the same question (1)
  • Verified answer
    Aman Kakkar Profile Picture
    Aman Kakkar 3,532 Super User 2026 Season 1 on at
    Hi,
     
    One option that works well in PTEs is using the SecretText data type. I've used this approach before to store and use client secrets securely inside AL code.
     
     

    Create a setup field and set ExtendedDatatype = Masked. This ensures the user can enter the value, but cannot read it afterward.

    field(7; "Client Secret"; Text[2048])
{
    Caption = 'Client Secret';
    ExtendedDatatype = Masked;
    ToolTip = 'Azure AD Client Secret.';
}
     
    Inside your codeunit (e.g., when generating JWT or OAuth tokens), convert the stored value into SecretText:
     
    procedure GetSecretKey()
var
    SecretKey: SecretText;
begin
    SecretKey := SecretText.SecretStrSubstNo(Setup."Secret Key");
end;
     

    The advantage of SecretText is:

    • It cannot be directly converted back to plain text
    • It avoids exposure in debugging, errors, and telemetry
     
    Do mark as verified if this helps.
    Aman K
  • Suggested answer
    OussamaSabbouh Profile Picture
    OussamaSabbouh 17,521 Super User 2026 Season 1 on at
    Hello,
     
    For a Per-Tenant Extension, your only secure option is to store the secret using IsolatedStorage + SecretText, or move the JWT generation to an Azure Function that reads the secret from Key Vault.
    Direct Key Vault access is not supported for PTEs.
     
    Regards,
    Oussama Sabbouh
  • Suggested answer
    YUN ZHU Profile Picture
    YUN ZHU 101,995 Super User 2026 Season 1 on at
    Hi, hope the following can give you some hints.
    Business Central 2025 wave 2 (BC27): ‘Concealed’ text field type for sensitive data (New field-level property: MaskType)
     
    Thanks.
    ZHU
  • Fatou Kiné Profile Picture
    Fatou Kiné 45 on at
    Hi,
     
    Thanks for your replies.
     
    Regarding Aman's suggestion : 
    I like this approach but I have a small concern. Between the retrieval from the table and the assignment into the secret text, are there any chances for the secret to be exposed? Is the NonDebuggable attribute enough in this case?
     
    Regarding Oussama's suggestion :
    I'm not familiar with IsolatedStorage but from what I read so far, it seams to be very secure with capabilities to encrypt the value stored. To your knowledge, are there any downsides or limitations using this approach? I'll dig further.
  • Suggested answer
    Aman Kakkar Profile Picture
    Aman Kakkar 3,532 Super User 2026 Season 1 on at
     
    Great question — and yes, the NonDebuggable attribute is sufficient to prevent exposure of the secret during assignment. You can safely use this attribute when reading the value from your setup table and converting it into SecretText.
     
    Microsoft explicitly recommends this pattern in their documentation for handling sensitive values within extensions. You can check the below screenshot as well -
     
     
     
    Do mark as verified if this helps.
    Aman K
  • Fatou Kiné Profile Picture
    Fatou Kiné 45 on at
    Thanks Aman.
    Your response was very helpful.
  • Gerardo Rentería García Profile Picture
    Gerardo Rentería Ga... 27,054 Most Valuable Professional on at

    Hi, good day
    I hope this can help you, and give you some hints.

    Securely Storing Secrets in Business Central Using Isolated Storage - Fredborg

    Best Regards
    Gerardo

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro
Introducing our New Video Series: Community Spotlight

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Women in Power Builds Momentum

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 2,353 Super User 2026 Season 1

#2
YUN ZHU Profile Picture

YUN ZHU 1,808 Super User 2026 Season 1

#3
AndrewThomas81 Profile Picture

AndrewThomas81 1,371

Last 30 days Overall leaderboard

Featured topics

Microsoft Training Manuals

Product updates

Dynamics 365 release plans