# Security best practices for recipes

This page provides best practices for safeguarding sensitive information and maintaining compliance when creating recipes in Workato.

## Best practices for sensitive data management

Don't include sensitive data as plain text in recipe steps. This includes tokens, authentication keys, personal information such as names, addresses, and emails, and any other private data.

Instead, use the following best practices:

### Store authentication details in the connection

Don't hardcode authentication details, such as API tokens, in recipe steps.

For example, when you set the Base URL for an HTTP connection, don't hardcode the token value in the URL:

`https://www.myapp.com/services/api-method?token=3ababe3235Z2z`

Instead, store the authentication token as a query parameter during connection setup.
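As an added example (not from Workato's documentation, and not Workato's recipe export format), the following Python lint walks a constructed recipe structure, flags every URL whose query string carries a credential-looking parameter, and shows how such a URL splits into a credential-free base URL plus the parameters that belong in the connection's query parameter fields instead. The parameter-name list and the recipe shape are assumptions; the sample URL reuses the token from the example above.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query-parameter names that usually carry credentials. This list is an
# assumption for the example; extend it for the apps your recipes call.
SECRET_PARAM_RE = re.compile(
    r"^(token|access[_-]?token|api[_-]?key|secret|client[_-]?secret|password|passwd)$",
    re.IGNORECASE,
)


def find_secret_params(url):
    """Return the (name, value) query parameters in ``url`` that look like credentials."""
    query = urlsplit(url).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if SECRET_PARAM_RE.match(k)]


def split_base_url(url):
    """Split ``url`` into a credential-free base URL and the parameters removed from it.

    The removed parameters are what belongs in the connection's query
    parameter fields rather than in the recipe step's URL.
    """
    parts = urlsplit(url)
    kept, moved = [], {}
    for k, v in parse_qsl(parts.query, keep_blank_values=True):
        if SECRET_PARAM_RE.match(k):
            moved[k] = v
        else:
            kept.append((k, v))
    base = urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), parts.fragment))
    return base, moved


def lint_recipe(recipe):
    """Walk a recipe structure and report every string field holding a URL with a credential.

    Returns a list of (path, parameter_name) tuples; the secret value itself is
    deliberately not returned so that the report can be shared safely.
    """
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, path + [str(key)])
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, path + [str(index)])
        elif isinstance(node, str) and "://" in node:
            for name, _value in find_secret_params(node):
                findings.append(("/".join(path), name))

    walk(recipe, [])
    return findings


# Constructed sample recipe; the shape is an assumption, not Workato's export format.
SAMPLE_RECIPE = {
    "name": "Sync contacts",
    "steps": [
        {"name": "Call API", "input": {
            "url": "https://www.myapp.com/services/api-method?token=3ababe3235Z2z&page=2"}},
        {"name": "Log result", "input": {"message": "done"}},
    ],
}

if __name__ == "__main__":
    for path, param in lint_recipe(SAMPLE_RECIPE):
        print(f"credential in URL at {path}: parameter '{param}'")
    base, moved = split_base_url(SAMPLE_RECIPE["steps"][0]["input"]["url"])
    print("base URL for the step:", base)
    print("parameters to move into the connection:", sorted(moved))
```

The lint reports only the parameter name and the path to the offending field, never the credential value, so its output can be pasted into a ticket or chat without leaking the secret it found.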

### Use environment properties or project properties

Use environment properties or project properties to store sensitive data. You can use these properties in recipes by opening the Recipe data menu and locating the Properties datatree.

*Figure: Environment properties*

### Enable data masking

Use data masking to exclude sensitive information from the job report and recipe step output.

*Figure: Enable data masking*
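To illustrate the effect that masking has on recorded step output, here is an added Python example; it is not Workato's implementation of data masking and the step output it works on is constructed. Fields are masked by name (the name list is an assumption), and email addresses embedded in free-text fields are masked as well, so that a job report contains neither the credential nor the personal data.

```python
import re

# Output field names to hide entirely. Anchored so that "name" is masked but
# "filename" is not. This list is an assumption for the example.
SENSITIVE_KEY_RE = re.compile(
    r"^(name|full_name|email|phone|ssn|address|token|password|secret|api[_-]?key)$",
    re.IGNORECASE,
)
# Email addresses embedded in free-text fields are masked too.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
MASK = "***"


def mask_job_output(data):
    """Return a copy of a step's output with sensitive values replaced by MASK.

    Dict keys matching SENSITIVE_KEY_RE are masked whatever their value;
    other strings only have embedded email addresses masked; non-string
    scalars are returned unchanged. The input is not modified.
    """
    if isinstance(data, dict):
        return {key: (MASK if SENSITIVE_KEY_RE.match(str(key)) else mask_job_output(value))
                for key, value in data.items()}
    if isinstance(data, list):
        return [mask_job_output(item) for item in data]
    if isinstance(data, str):
        return EMAIL_RE.sub(MASK, data)
    return data


# Constructed sample of what a step's output might hold before masking.
SAMPLE_STEP_OUTPUT = {
    "status": 200,
    "body": {"id": 42, "name": "Ada Example", "email": "ada@example.com",
             "token": "3ababe3235Z2z", "tags": ["customer", "eu"]},
    "message": "Notified ada@example.com successfully",
}

if __name__ == "__main__":
    import json
    print(json.dumps(mask_job_output(SAMPLE_STEP_OUTPUT), indent=2))
```

Masking by field name catches structured values, but the free-text pass matters as well: a status message that repeats a customer's email would otherwise reach the job report even though the `email` field itself was hidden.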

## Benefits

Using these best practices offers the following security benefits:

  • Enhanced security: Sensitive data isn't visible to other users in your Workato workspace.
  • Safe cloning: Sensitive data remains secure when recipes are cloned. Cloned recipes retain recipe steps while excluding project properties, environment properties, and dynamic data from datapills.
  • Centralized management: Storing sensitive data centrally simplifies updates and reduces the risk of inconsistencies.
  • Community safety: Sharing recipes publicly doesn't expose sensitive data.

## Sensitive data and compliance

Workato is certified for PCI-DSS Level 1, ISO 27001, ISO 27701, SOC 1 Type II, SOC 2 Type II, and HIPAA. We also encrypt data at rest and in transit.

However, users are responsible for ensuring that sensitive data is handled to meet organizational policies and regulatory requirements. This includes:

  • Determining whether storing sensitive data in Workato FileStorage or data tables aligns with organizational policies and compliance needs.
  • Applying appropriate access controls to restrict unauthorized access to sensitive data.

Examples of sensitive data to handle with caution include:

  • Personal data subject to privacy laws and regulations
  • Financial information
  • Healthcare data


Last updated: 12/18/2024, 4:20:44 PM