We are using http request activity for our customer base application which requires the use of an API key along with username and password.
Hence, we are storing api key as credential on orchestrator. Then upon fetching api key from orchestrator, we have to convert this from secure string to string to be able to pass this key into headers section of http request as it only accepts string values as shown below.
This violates our governance rule(St-SEC-009 i.e. secure string misusage) enabled at an enterprise level.
Is there a way to pass API key in a secure format which would also comply to our governance rule.
Is there any else activity that can be used to fulfill this requirement?