It’s possible to retrieve and freely look inside the workflow definition. Therefore sensitive information needs to be stored securely. Service call authentication is a common use case when we need to use secret passwords and authentication tokens.
Enable use of externally stored secrets
As a developer, I need to store secrets such as passwords in a secure vault in order to use those secrets in service calls for authentication.
As a developer, I want to use environment variables in my expressions / external calls so that I don’t have to hard code constants in my workflow.
Workflows can access environments variables
Workflows can use secrets from secured vaults
Externally stored secrets can be used in workflows for service call authentication
Workflows operation functions can use basic authentication
Workflows operation functions can use bearer tokens
OAuth2 authorization flow is out of scope of this requirement (tracked separately)