Container secret mounts¶

• Only literal content is allowed (text, json)
• Value of secret_mounts is never returned in a container request or container API response, except a new "containers#secrets" API which must be authenticated by the container's own runtime token
• Never appears in container logs
• Never appears in the Arvados logs table
• Never appears in websocket updates
• Never appears in API server request logs

It is an error for the same key (mount path) to appear in both mounts and secret_mounts.