Idea #13112

Updated by Peter Amstutz about 6 years ago

There needs to be a way to store credentials and other secrets securely. See note-1 for background.

 Proposal: 

 https://dev.arvados.org/projects/arvados/wiki/Vault 

 Based on the proposal, the essential development tasks are: 

 * Create secrets table in API server 
 * Create Vault plugin that enables login with an Arvados API token and interacts with the secrets table to determine policy granting access to secrets. 

 In order to integrate secrets handling into CWL, a couple of additional tasks are necessary: 

 * arvados-cwl-runner feature to indicate inputs that represent "secrets" and adjust the container request accordingly. 
 * Crunch-run feature to access Vault and perform substitution of secret into config file or environment just-in-time, as part of container setup, prior to running container.
