Dynamics 365 Business Central: Isolated Storage and SecretText support.

With the Dynamics 365 Business Central 2023 Wave 2 release (version 23), Microsoft introduced a new data type called SecretText. This data type protects secrets in AL code from being revealed through debugging (a SecretText variable is always displayed as <HiddenValue> during a debugging session) and I’ve talked about it in this post.

The SecretText data type is in my opinion an example of things introduced in the AL platform quite prematurely.

You can today use it with the HttpClient object for sending HTTP requests to an external endpoint by securing credentials and endpoints (HttpContent, HttpHeaders, HttpRequestMessage fully support it):

But you cannot use this new data type for storing secrets in the Isolated Storage natively (and here is where I have recently received some questions from partners).

To store an extension’s secrets in the Isolated Storage, many partners would like to do something like the following code:

Here I’m passing a SecretText object to the Isolated Storage methods, but this results in an error:

cannot convert from ‘SecretText’ to ‘Text’

The Isolated Storage module currently supports only Text parameters, not the SecretText data type. The current plan is to have full support for SecretText in Isolated Storage methods in Dynamics 365 Business Central version 24 (2024 Wave 1 release), with new method overloads that accept a SecretText parameter, but these new methods will not be backported.

What can you do now?

In the currently available release, to handle SecretText objects in the Isolated Storage you have lots of limitations.

You can read a value from Isolated Storage as SecretText by creating a [NonDebuggable] procedure like the following:

and this is very similar to the overload that Microsoft will ship on V24 (so changing code from calling your function to calling the new overload will be very easy).

If you want to write a SecretText variable in the Isolated Storage, this is not currently possible. You could write something like the following:

but using the Unwrap method to extract the content of a SecretText into a Text is currently blocked in extensions with target = cloud.

Writing a SecretText into the Isolated Storage requires the runtime to support this new data type as a valid parameter, and for that you need to wait until version 24, where a native method will be implemented. At the moment you need to pass the secret value to store as a Text parameter to a procedure that is [NonDebuggable] and maybe also Internal.
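The version 23 workaround described above, as an added example (not the author's code): a [NonDebuggable] internal setter that takes Text, a getter that hands the stored value back as SecretText, and a consumer that passes it to an HTTP header. The object ID, codeunit name, procedure names and the 'ApiToken' key are assumptions.

```al
// Added example for Business Central v23, where IsolatedStorage accepts only Text.
// Object ID, object/procedure names and the storage key are hypothetical.
codeunit 50100 "Secret Storage Helper"
{
    Access = Internal; // keep the Text-based setter out of reach of other extensions

    // Write path: the secret has to arrive as Text, so the procedure is
    // [NonDebuggable] to keep the parameter out of a debugging session.
    [NonDebuggable]
    internal procedure SetSecret(StorageKey: Text; SecretValue: Text)
    begin
        // SetEncrypted requires encryption to be enabled and a value of at most 215 characters
        if EncryptionEnabled() and (StrLen(SecretValue) <= 215) then
            IsolatedStorage.SetEncrypted(StorageKey, SecretValue, DataScope::Module)
        else
            IsolatedStorage.Set(StorageKey, SecretValue, DataScope::Module);
    end;

    // Read path: the plain Text exists only inside this [NonDebuggable] scope;
    // callers receive a SecretText.
    [NonDebuggable]
    internal procedure GetSecret(StorageKey: Text; var Secret: SecretText): Boolean
    var
        PlainValue: Text;
    begin
        if not IsolatedStorage.Get(StorageKey, DataScope::Module, PlainValue) then
            exit(false); // nothing stored under this key
        Secret := PlainValue; // Text converts implicitly to SecretText
        exit(true);
    end;

    // Consumer: the token stays SecretText all the way into the HTTP header.
    internal procedure AddAuthHeader(var Request: HttpRequestMessage): Boolean
    var
        Headers: HttpHeaders;
        Token: SecretText;
    begin
        if not GetSecret('ApiToken', Token) then
            exit(false);
        Request.GetHeaders(Headers);
        Headers.Add('Authorization', SecretStrSubstNo('Bearer %1', Token));
        exit(true);
    end;
}
```

Because GetSecret has the same shape as a SecretText-returning read, moving to the version 24 overloads only touches the two storage procedures, not their callers.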

P.S. Please note that SecretText is not a data type planned to be available in the UI (so you cannot create a page field bound to a SecretText variable, and this will not change in the future). For this, you can create a [NonDebuggable] Text variable and use it on your page:

UPDATE: the new AL Language extension version 13.x (available for the Business Central 2024 Wave 1 release, version 24) adds full support for SecretText in Isolated Storage.

New overloads for the built-in methods of IsolatedStorage type are introduced to allow its use with the SecretText type. When values are added as SecretText, the runtime will ensure they can only be retrieved in the same type. This makes it possible to ensure that they are protected from debugging throughout their entire lifetime. In addition, a new overload to the Contains method was added to allow checking if a value was added as a SecretText.
