Open sfmskywalker opened 4 years ago
Some of our activities require more information about the current context/session like current userid, tenantid, preferred language, environment type (prod or stage). Other activities require a per user secret (e.g. current OAuth2 token).
So I'm wondering if an extra session/context would make sense or if the concept of the secrets store should be extended as both could be a simple list of key/values.
Indeed. How about a new object called Environment or Vault that is basically a list of key/values. Some values need to be stored encrypted, such as API keys. This environment would be tenant-specific, and accessible from any activity (either by injecting e.g. an IEnvironmentAccessor or via WorkflowExecutionContext.Environment).
Do you confirm we can't store passwords securely in a workflow for now?
Yes, Elsa won't encrypt secrets for now. You need to store encrypted information yourself.
Ideas based on discussions with @jdevillard and @mohdali
Improve the extensibility and user interaction of variable types by integrating custom UI components based on selected variable types and introducing a new variable type for managing secrets.
-Secret
@sfmskywalker secrets we use often have an expiration date, and as such we need someone to renew that secret from time to time. Could support for, minimally, adding expiration date tracking that can be queried via API be included? A published expiration event at a certain threshold (at time, 30, 90 days, etc.) would be ideal, giving us the ability to respond as needed.
I totally agree. In fact, it is already part of the design that I'm working on. Thanks for the request, it perfectly confirms my thinking 👍🏻
Introduce a new "Secrets" feature to securely manage sensitive data that various activities within a workflow might require. Examples include API keys for HTTP requests or connection strings for database queries.
Key Entities
Secret
Secret Storage
Secret entity will be stored via the ISecretStore abstraction.
ISecretStore will be supported, allowing for different storage options:
AzureKeyVaultSecretProvider implementation.
Contracts
Elsa.Secrets.Management module.
This architecture allows for flexible secret management, enabling scenarios like using a DatabaseSecretProvider to fetch secrets from a database or an AzureKeyVaultSecretProvider to fetch them from Azure KeyVault.
UI Enhancements for Variable Types
Dynamic UI Components
Globals
Conclusion
This feature enhances the security, flexibility, and extensibility of Elsa Workflows by centralizing the management of sensitive and non-sensitive data, ensuring that secrets and global values are handled securely and efficiently across different workflows.
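The ideas raised in this thread (tenant-specific key/values encrypted at rest, plus expiration thresholds such as 0, 30 and 90 days) can be sketched as follows. This is an added example, not Elsa's code or the API of the design above: every type and member name is hypothetical, the key and secret values are constructed, and it assumes .NET 8 for the `AesGcm` constructor.

```csharp
// Added sketch, not Elsa code; all type and member names are hypothetical. Assumes .NET 8.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public record StoredSecret(string TenantId, string Name, byte[] Nonce, byte[] Tag, byte[] Cipher, DateTimeOffset? ExpiresAt);

public sealed class InMemorySecretStore
{
    private readonly byte[] _key; // 32-byte AES key; assumed to come from a KMS or key vault, never from source code
    private readonly Dictionary<(string, string), StoredSecret> _items = new();
    public InMemorySecretStore(byte[] key) => _key = key;
    private static byte[] Aad(string tenant, string name) => Encoding.UTF8.GetBytes($"{tenant}\n{name}");
    public void Set(string tenant, string name, string value, DateTimeOffset? expiresAt)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(12), plain = Encoding.UTF8.GetBytes(value);
        byte[] cipher = new byte[plain.Length], tag = new byte[16];
        using var aes = new AesGcm(_key, 16);
        // Tenant and name are bound as associated data, so a record copied to another tenant fails to decrypt.
        aes.Encrypt(nonce, plain, cipher, tag, Aad(tenant, name));
        _items[(tenant, name)] = new StoredSecret(tenant, name, nonce, tag, cipher, expiresAt);
    }
    public string Get(string tenant, string name, DateTimeOffset now)
    {
        var s = _items[(tenant, name)];
        if (s.ExpiresAt is { } exp && exp <= now) throw new InvalidOperationException($"Secret '{name}' has expired");
        var plain = new byte[s.Cipher.Length];
        using var aes = new AesGcm(_key, 16);
        aes.Decrypt(s.Nonce, s.Cipher, s.Tag, plain, Aad(tenant, name));
        return Encoding.UTF8.GetString(plain);
    }
    // Names of one tenant's secrets that expire within the threshold; TimeSpan.Zero means already expired.
    public IEnumerable<string> ExpiringWithin(string tenant, TimeSpan threshold, DateTimeOffset now) =>
        _items.Values.Where(s => s.TenantId == tenant && s.ExpiresAt is { } exp && exp - now <= threshold).Select(s => s.Name);
}

public static class Demo
{
    public static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        var store = new InMemorySecretStore(RandomNumberGenerator.GetBytes(32)); // constructed demo key
        store.Set("tenant-a", "crm-api-key", "constructed-value-1", now.AddDays(20));
        store.Set("tenant-a", "db-conn", "constructed-value-2", now.AddDays(200));
        foreach (var d in new[] { 0, 30, 90 })
            Console.WriteLine(d + " days: " + string.Join(", ", store.ExpiringWithin("tenant-a", TimeSpan.FromDays(d), now)));
    }
}
```

A scheduled job calling `ExpiringWithin` per tenant is one place an expiration event could be published from; the secret value itself is never needed for that check.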