Does sharing Blueprints share sensitive data?

Hey all,

I’m wondering if sharing a blueprint to someone, does it give them sensitive data within the blueprint, or does it automatically remove any of that, and just provide the ‘shell’ you could say of the scenario?

Blueprints in MAKE are essentially templates or “shells” of your automation scenarios. When you share a blueprint with someone, it includes the structure and configuration of the scenario but excludes any sensitive or personal data. Here’s a breakdown of what gets included and what doesn’t when sharing a blueprint:

What Blueprints Include:

  1. Scenario Structure: The blueprint will include the overall structure of your scenario, such as the modules used, their configuration settings, and the flow of operations.
  2. Module Settings: Specific settings within each module, such as filters, data transformations, and configured actions, are included.
  3. Connections: While the blueprint will show which services or apps are being connected, it will not include the actual connection credentials or API keys. The person receiving the blueprint will need to set up their own connections to these services.

What Blueprints Exclude:

  1. Sensitive Data: Blueprints do not include any sensitive data that may have been processed by the scenario. This means no actual data records, personal information, or transaction details are shared.
  2. Connection Credentials: The blueprint will not include any of your personal connection information, such as API keys, passwords, or OAuth tokens. The recipient will need to connect their own accounts.
  3. Execution Data: Any historical data or logs from the scenario’s executions are not included. This ensures that any potentially sensitive or private information from past runs is not shared.

Hi,

Welcome to the Make Community.

It depends.

If you cannot see tokens or sensitive data, it won’t be shared.

However, if you are using, for example, auth headers in HTTP requests or JSON body, they will be shared.

Here is example:

Will result in:

            "mapper": {
                "url": "https://testurl.com",
                "serializeUrl": false,
                "method": "get",
                "headers": [
                    {
                      "name": "x-token",
                       "value": "token"
                    }
  
    }
}

Thats why you should always use (when possible) secured module:
Make an API Key Auth request

Also- keep in mind that if you are using emails in your connection names it also will be shared.

Here is an example:

And blueprint:

Another example: for modules like Facebook Pages where you can choose to select a page ID via list or map, the mapped ID will be shared.

What won’t be shared: any execution details and history of executions.

So in summary, sensitive data is protected at the highest level. However, as always, an irresponsible end-user can still cause significant issues.
So- my advice- always check what your blueprint contains if youare treating security seriously.

Have a nice day!
Michal

2 Likes

Welcome to the Make community!

The connection name/label will be shared.

If your email address is in the connection label, it will be visible in the scenario blueprint.

Always rename your connections to remove any email address.

samliewrequest private consultation

Join the Make Fans Discord server to chat with other makers!

1 Like

Hi @Jaydee747

We believe there is a big threat in asking for blueprints, especially to new Makers.

This will generally happen when there is an HTTP module with an API key in Headers and connections having email addresses.

@vendy Any suggestions to create a general awareness of the same?

Regards,
Msquare Automation - Gold Partner of Make

Book a Free Consultation | Connect Live

Explore our YouTube Channel for valuable insights and updates!