Self Checks

• I have read the Contributing Guide and Language Policy.
• This is only for bug report, if you would like to ask a question, please head to Discussions.
• I have searched for existing issues search for existing issues, including closed ones.
• I confirm that I am using English to submit this report, otherwise it will be closed.
• 【中文用户 & Non English User】请使用英语提交，否则会被关闭 ：）
• Please do not modify this template :) and fill in all the required fields.

Dify version

1.10.1

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

Hi,

I found that if you use encrypted env variable in the workflow, the cleartext value can be printed in the trace logs which somehow may cause sensitive data leakage.

For example, i use HTTP Request node and i'd like to use encrypted API_KEY in the header. But the cleartext can be seen in the trace log.

✔️ Expected Behavior

The encrypted variable shoud keep invisible anywhere include trace log

❌ Actual Behavior

The encrpted env variable can be printed as cleartext in the trace log