Payload in Flow activity is not being displayed

[franklaboris]

Describe the Bug

After upgrading to v10.11 I noticed some Flow's activity is not displaying the resulting payload of each operation, only a few operations display its payload. I also inspected the server response and the payload is there, so it is not being displayed for some reason:

Possible cause: the Operation's key is being redacted, so the payload cannot be associated with it

To Reproduce

To have a flow with 10+operation in v10.11

Directus Version

v10.11.0

Hosting Strategy

Self-Hosted (Custom)

Database

postgres 15

[hanneskuettner]

You are indeed correct, all of the flow steps are redacted before being added to the revisions, by replacing all values found in the FLOWS_ENV_ALLOW_LIST environment variables (values) with their redacted counterparts, that would lead to this problem. So in your case I would presume that your COMETCHAT_REGION happens to be us and you're exposing that to your flows (which is a totally valid use case).

I wonder if this is a valid use case / request for some FLOWS_ENV_DONT_REDACT configuration?

I don't think this is easily fixable in the frontend, since we have the string --redacted:WHATEVER_ENV-- but don't know anything about the original.

To fix your problem, you can change your "Read organization user" operation key to something that does not contain "us" and you should be fine!

I'm gonna leave this open, as I can see some problems arising with this redaction if the value is something like a.

[franklaboris]

Thanks for your response.
FLOWS_ENV_DONT_REDACT would be a great addition
I'm wondering what's the use case for redacting the operation key. What is a possible security concern?