-
-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secrets #26
base: main
Are you sure you want to change the base?
Conversation
Process.yml
Outdated
* false (same as null) | ||
* true (parameter is secret) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* false (same as null) | |
* true (parameter is secret) | |
* `false` (same as null) | |
* `true` (parameter is secret) |
Process.yml
Outdated
If the value of `secret` is a string, this is a lookup key to | ||
be used to fetch a secret value from the workflow platform |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the value of `secret` is a string, this is a lookup key to | |
be used to fetch a secret value from the workflow platform | |
If the value of `secret` is a string, this is a lookup key that can | |
be used to fetch a secret value from the workflow platform |
Process.yml
Outdated
implementation specific and out of scope for this document. | ||
|
||
If the input parameter is a secret, the `type` of the input | ||
parameter must only consist of `string`, `array<string>`, or |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
parameter must only consist of `string`, `array<string>`, or | |
parameter must only consist of `string`, `string[]`, or |
From discussion, should limit to only resolving the top level. Marius: maybe this should be called "protected". |
Another idea: Instead of putting the key in the workflow inputs
Specify the secret in the input document:
Use
|
I have a question about secret. How to behave when the secret strings are written in files? |
New idea. Get rid of "confidential" and introduce "SecretText" record that is passed through and dereferenced to get "plaintext" only when needed.
|
No description provided.