Workspace Weekly: 6.3 feature – Secure Custom Fields for Accounts

October 22, 2025

This week’s Workspace Weekly digs into a feature in our Login Enterprise 6.3 release that solves a long-standing security and workflow problem: storing sensitive connection values safely inside Login Enterprise.

With secure custom fields on Accounts, you can keep tokens, seeds, and per-app secrets in one place, masked and encrypted, while still passing them to Launchers and Custom Connectors at runtime.

What does this mean in short? Fewer spreadsheets, less plaintext, and faster, safer runs. Check out this doc for step-by-step directions: Secured Custom Fields.

Figure 1: Accounts > Secured custom fields (Secure1-Secure5) in create and edit views

Click to View Details

What it means for you

Sensitive connection data often lives in ad hoc files or external tools, which slows people down and increases risk. Secure custom fields let you centralize those values in the Account object, keep them masked in the UI, and still use them during a Test. Values are write-only, encrypted at rest, and never returned by the UI or Public API after saving.

What you get

• Better security: Secrets are masked, stored encrypted, and not retrievable after saving.
• Cleaner operations: No more copying from spreadsheets during test setup.
• Consistent automation: Pass secrets to Launchers and Connectors the same way every time.

How it works

• Fields: Up to five secure fields per Account (Secure1-Secure5), each up to 255 characters. Leading and trailing spaces are trimmed on save.
• Create flow: Type a value. It appears as dots. You may briefly reveal what you are typing before you save.
• Edit flow: Previously saved values display as dots and cannot be revealed. Entering a new value replaces the old one.
• Write-only behavior: UI and Public API never return the stored value after saving.
• Runtime use: Launchers and Connectors receive secure values like passwords. For Custom Connectors, use {securecustom1} … {securecustom5} in your command line or script arguments.
• Scope: Secure fields behave like password fields and are intended for connection-related secrets.

Check out how to use this feature in a demo:

Practical Uses for Secure Field Storage

• API tokens per environment: Store a tenant’s API key in Secure1 and pass {securecustom1} to your Custom Connector so it can fetch data or post events without exposing the key to operators.
• TOTP seed or app secret: Keep a second factor seed or app-specific secret in a secure field to support flows that require an additional code at connect time.
• Connection strings or headers: If your connector needs a header or partial connection string, keep it secure in the Account and assemble it at runtime.

For a concrete example, see Workspace Weekly: Custom Events for Launchers and Connectors in Login Enterprise and the linked repo. It shows how to pass {securecustom1} in a connector command-line parameter.

Quick tips to get you started

• Name your usage convention: Document which secure field maps to which purpose (for example, Secure1 = API token, Secure2 = TOTP seed).
• Rotate on role changes: When team membership or vendor access changes, rotate and re-enter values.
• Avoid logging secrets: Ensure connector scripts never echo secure parameters into logs.
• Test in non-prod: Validate your command line with placeholder values first, then switch to secure fields.

Ready to try 6.3? Upgrade your appliance, then follow this documentation to add and use Secured Custom Fields.

Next week’s Workspace Weekly will cover more features from our 6.3 release. Don’t forget to join #workspace-weekly on Slack to share your own tips and stories. As always, your feedback helps make Login Enterprise better for you.