Idea #13112
Updated by Peter Amstutz almost 7 years ago
There needs to be a way to store credentials and other secrets securely. See note-1 for background. Proposal: https://dev.arvados.org/projects/arvados/wiki/Vault Based on the proposal, the essential development tasks are: * Create secrets table in API server * Create Vault plugin that interacts enables login with Arvados API token and interacts with secrets table In order to integrate secrets handling into CWL, a couple of additional tasks are necessary * arvados-cwl-runner feature to indicate inputs that represent "secrets" and adjust the container request accordingly. * Crunch-run feature to access Vault and perform substitution of secret into config file or environment just-in-time, as part of container setup, prior to running container.