Motivation

It’s possible to retrieve and freely look inside the workflow definition. Therefore sensitive information needs to be stored securely. Service call authentication is a common use case when we need to use secret passwords and authentication tokens.

Goal

Enable use of externally stored secrets

Scenarios

As a developer, I need to store secrets such as passwords in a secure vault in order to use those secrets in service calls for authentication.

As a developer, I want to use environment variables in my expressions / external calls so that I don’t have to hard code constants in my workflow.

Expected outcomes

Workflows can access environments variables

Workflows can use secrets from secured vaults

Externally stored secrets can be used in workflows for service call authentication

Workflows operation functions can use basic authentication

Workflows operation functions can use bearer tokens

OAuth2 authorization flow is out of scope of this requirement (tracked separately)