Container secret mounts » History » Version 1

Version 1/10 - Next » - Current version
Tom Clegg, 02/27/2018 08:17 PM

Container secret mounts

"secret_mounts" (?) behave just like mounts, except:
  • Only literal content is allowed (text, json)
  • Value of secret_mounts is never returned in a container request or container API response, except a new "containers#secrets" API which must be authenticated by the container's own runtime token
  • Never appears in container logs
  • Never appears in the Arvados logs table
  • Never appears in websocket updates
  • Never appears in API server request logs

It is an error for the same key (mount path) to appear in both mounts and secret_mounts.