---
title: Handling sensitive data
description: Use these best practices to protect sensitive data from internal or external exposure.
component: davinci
page_id: davinci:davinci_best_practices:davinci-best-practices-sensitive-data
canonical_url: http://docs.pingidentity.com/davinci/davinci_best_practices/davinci-best-practices-sensitive-data.html
revdate: July 31, 2024
section_ids:
  use-an-appropriate-logging-level: Use an appropriate logging level
  manage-davinci-access: Manage DaVinci access
  use-sensitive-fields-to-keep-sensitive-data-out-of-analytics: Use sensitive fields to keep sensitive data out of analytics
  use-secret-variables-for-sensitive-information: Use secret variables for sensitive information
  exclude-variables-from-exported-flows: Exclude variables from exported flows
---

# Handling sensitive data

Use these best practices to protect sensitive data from internal or external exposure.

## Use an appropriate logging level

Logging tracks various system events and requires a certain amount of system resources. More verbose logging provides additional information but consumes more system resources, which impacts the flow's overall performance.

DaVinci supports multiple logging levels:

* **Error** (default): Gathers basic information about the flow start and any errors encountered.

* **None**: Performs no logging.

* **Info**: Gathers information about every node that runs.

* **Debug**: Gathers detailed information about every node that runs.

You should leave flow logging set to **Error** unless you're actively attempting to diagnose an issue, and you should set flow logging back to **Error** as soon as you're done.

You can update the log level by opening the flow and clicking **More options ( [icon: ellipsis-v, set=fa]) > Flow Settings**, then clicking the **Logging** tab. Learn more in [Editing flow settings](../flows/davinci_editing_flow_settings.html).

## Manage DaVinci access

Administrative users in DaVinci are created through PingOne. When you add admin users, only give these users the necessary permissions for their roles, and only for the necessary environments. This prevents users from accidentally or intentionally making changes to flows or environments beyond the scope of their responsiblities.

Regularly review the list of admin users to ensure no admin user has unnecessary access.

## Use sensitive fields to keep sensitive data out of analytics

By default, DaVinci removes the values of known sensitive fields from analytics. Learn more about the fields that are automatically scrubbed in [Viewing flow analytics](../flows/davinci_viewing_flow_analytics.html).

If you want to add additional sensitive fields, update the flow settings to scrub their values using the **Scrub Sensitive Information** and **Sensitive Information Fields** fields. Learn more in [Editing flow settings](../flows/davinci_editing_flow_settings.html).

## Use secret variables for sensitive information

Some values, such as API keys, client secrets, and access tokens, are required for some flows to function but shouldn't be readily visible. You should store these values in secret variables.

Secret variables are a type of company context variable. Their values can be used in the HTTP connector's Make REST API call capability, in the `Headers` and `Body Parameters` sections. Their values are not visible in logs, analytics, API queries, flow JSON files, or to other DaVinci administrators. Administrators can replace the value for a secret variable, but they cannot view the current value after it's been saved. Saving sensitive values in secret variables makes them more secure and simplifies administration by putting all of the values in one place rather than in multiple connector configurations.

Learn more in [Variables](../variables/davinci_variables.html) and [Adding a variable](../variables/davinci_adding_a_variable.html).

## Exclude variables from exported flows

When you export a flow as JSON, deselect the **Include Variable Values** so that the JSON does not include the values of company or flow variables that are used in the flow. Learn more in [Exporting a flow](../flows/davinci_exporting_a_flow.html).