web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / What is the best way t...
Small and medium business | Business Central, N...
Answered

What is the best way to store secrets in Business Central?

(7) ShareShare
ReportReport
Posted on by Fatou Kiné 45
We want to store an azure client secret to be used in a code unit to generate JWT tokens for sending HTTP requests.
 
We have explored the key vault option but we are using business central online with a Per-Tenant Extension which does not seam to support key vault integration (https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/setup-app-key-vault).
 
Which other secure options do we have to achieve this?
Categories:
Dynamics 365 Business Central
I have the same question (1)
  • Verified answer
    Aman Kakkar Profile Picture
    Aman Kakkar 2,977 Super User 2026 Season 1 on at
    Hi,
     
    One option that works well in PTEs is using the SecretText data type. I've used this approach before to store and use client secrets securely inside AL code.
     
     

    Create a setup field and set ExtendedDatatype = Masked. This ensures the user can enter the value, but cannot read it afterward.

    field(7; "Client Secret"; Text[2048])
{
    Caption = 'Client Secret';
    ExtendedDatatype = Masked;
    ToolTip = 'Azure AD Client Secret.';
}
     
    Inside your codeunit (e.g., when generating JWT or OAuth tokens), convert the stored value into SecretText:
     
    procedure GetSecretKey()
var
    SecretKey: SecretText;
begin
    SecretKey := SecretText.SecretStrSubstNo(Setup."Secret Key");
end;
     

    The advantage of SecretText is:

    • It cannot be directly converted back to plain text
    • It avoids exposure in debugging, errors, and telemetry
     
    Do mark as verified if this helps.
    Aman K
  • Suggested answer
    OussamaSabbouh Profile Picture
    OussamaSabbouh 12,803 Super User 2026 Season 1 on at
    Hello,
     
    For a Per-Tenant Extension, your only secure option is to store the secret using IsolatedStorage + SecretText, or move the JWT generation to an Azure Function that reads the secret from Key Vault.
    Direct Key Vault access is not supported for PTEs.
     
    Regards,
    Oussama Sabbouh
  • Suggested answer
    YUN ZHU Profile Picture
    YUN ZHU 99,055 Super User 2026 Season 1 on at
    Hi, hope the following can give you some hints.
    Business Central 2025 wave 2 (BC27): ‘Concealed’ text field type for sensitive data (New field-level property: MaskType)
     
    Thanks.
    ZHU
  • Fatou Kiné Profile Picture
    Fatou Kiné 45 on at
    Hi,
     
    Thanks for your replies.
     
    Regarding Aman's suggestion : 
    I like this approach but I have a small concern. Between the retrieval from the table and the assignment into the secret text, are there any chances for the secret to be exposed? Is the NonDebuggable attribute enough in this case?
     
    Regarding Oussama's suggestion :
    I'm not familiar with IsolatedStorage but from what I read so far, it seams to be very secure with capabilities to encrypt the value stored. To your knowledge, are there any downsides or limitations using this approach? I'll dig further.
  • Suggested answer
    Aman Kakkar Profile Picture
    Aman Kakkar 2,977 Super User 2026 Season 1 on at
     
    Great question — and yes, the NonDebuggable attribute is sufficient to prevent exposure of the secret during assignment. You can safely use this attribute when reading the value from your setup table and converting it into SecretText.
     
    Microsoft explicitly recommends this pattern in their documentation for handling sensitive values within extensions. You can check the below screenshot as well -
     
     
     
    Do mark as verified if this helps.
    Aman K
  • Fatou Kiné Profile Picture
    Fatou Kiné 45 on at
    Thanks Aman.
    Your response was very helpful.
  • Gerardo Rentería García Profile Picture
    Gerardo Rentería Ga... 25,555 Most Valuable Professional on at

    Hi, good day
    I hope this can help you, and give you some hints.

    Securely Storing Secrets in Business Central Using Isolated Storage - Fredborg

    Best Regards
    Gerardo

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Congratulations to our 2025 Community Spotlights

Thanks to all of our 2025 Community Spotlight stars!

Congratulations to the February Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 1,926 Super User 2026 Season 1

#2
YUN ZHU Profile Picture

YUN ZHU 1,158 Super User 2026 Season 1

#3
Khushbu Rajvi. Profile Picture

Khushbu Rajvi. 533 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans