Masking secrets after templating creds in HttpRequest Block (#4248)

2025-12-09 11:38:09 -08:00
parent eb50fdef83
commit e2c2ec1892
2 changed files with 30 additions and 0 deletions
--- a/skyvern/forge/sdk/workflow/models/block.py
+++ b/skyvern/forge/sdk/workflow/models/block.py
@@ -3913,6 +3913,9 @@ class HttpRequestBlock(Block):
                "url": self.url,
            }

+            # Mask secrets in output to prevent credential exposure in DB/UI
+            response_data = workflow_run_context.mask_secrets_in_data(response_data)
+
            LOG.info(
                "HTTP request completed",
                status_code=status_code,