On a standard shared HTCondor deployment condor_schedds often allow
reading by others and the Environment Classad is readable too - better
to pass sensitive information (api keys) via a method that doesn't
expose them to the world.
This commit writes a secure temp-file under '/tmp' with the api_token in
it and transfers that file to the jobs with condor's file-transfer
mechanism and sources that file in the spawner prior to execution
On a standard shared HTCondor deployment condor_schedds often allow reading by others and the Environment Classad is readable too - better to pass sensitive information (api keys) via a method that doesn't expose them to the world.
This commit writes a secure temp-file under '/tmp' with the api_token in it and transfers that file to the jobs with condor's file-transfer mechanism and sources that file in the spawner prior to execution