Project

General

Profile

Actions

Feature #13134

closed

[crunch-run] Support for secret_mounts

Added by Peter Amstutz about 6 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Target version:
Story points:
-
Release relationship:
Auto

Description

See Container secret mounts.

  • New field called "secret_mounts" which can container "json" or "text" type mounts. These are processed the same way as normal mounts.
  • Add support for "text" type mounts which are literal text which is written to file during setup (similar to "json" type, but unstructured.)
  • Ensure that contents of "secret_mounts" isn't logged (eg container.json)
  • Ensure that contents of "secret_mounts" isn't captured in output collection

Note: for completeness, we should also have "secret_environment" and "secret_command" that are merged with the public environment and public command line respectively.


Subtasks 2 (0 open2 closed)

Task #13152: Review 13134-secret-mountsResolvedPeter Amstutz03/12/2018Actions
Task #13153: Support in crunch-runResolvedPeter Amstutz03/12/2018Actions

Related issues

Related to Arvados - Idea #13112: Provide a mechanism to store "secrets" securelyDuplicateActions
Actions

Also available in: Atom PDF