Weaver: Workflow Execution Management Service (EMS); Application, Deployment and Execution Service (ADES); OGC API - Processes; WPS; CWL Application Package
This requirement can be used to obfuscate the tool inputs such as credentials from the logs.
Although cwltool should be doing its job when the execution is handed off to it, the actual inputs submitted to the Weaver Job might still leak some information in logs. Also, those inputs should be omitted from places where they are normally readable.
[ ] ensure inputs are not reported in logs when they are specified with Secrets requirement
Description
This requirement can be used to obfuscate the tool inputs such as credentials from the logs.
Although
cwltool
should be doing its job when the execution is handed off to it, the actual inputs submitted to the Weaver Job might still leak some information in logs. Also, those inputs should be omitted from places where they are normally readable.Secrets
requirement/jobs/{JobID}/inputs
endpoints (use obfuscated representation instead, see inspiration from https://github.com/common-workflow-language/cwltool/blob/main/cwltool/secrets.py#L8)swagger_definitions
).References