Using secret keys in WDL


In my WDL I need to access an external service with an authentication key.

What is the best practice for passing secret keys to WDLs executions?




  • RuchiRuchi Member, Broadie, Moderator, Dev admin

    Hey @mooses,

    That's a great question. There are a few things I've observed before:

    1. Place the authentication key in a bucket that is private, so only you could copy it & access the contents.
    2. If running on the cloud, each VM is authenticated with with either a specific service account or the default compute service account. It's possible the account on the VM can be given the authorization to generate the required authentication key inside the task itself.
    3. Depending on what the external service is, we might already have a mechanism to pass it along via some workflow option or global config option, such as DockerHub credentials, etc. Can you specify what the external service is in this case?


Sign In or Register to comment.