Storing additional credentials for third-party applications
acknowledged
S
Soft Salamander
We are currently exploring integration of Nextflow with various third-party systems, such as BaseSpace, Benchling and Slack so that, e.g. a pipeline could start by pulling data from BaseSpace using the BaseSpace API, combine that with meta-data from Benchling extracted using the Benchling API, and send various information/processing updates to Slack. This is all possible, but we have to pass in API keys into the pipeline for each of these applications, which we can currently only do by adding them in the
Pipeline parameters
section in Seqera Platform (we don't want to store them in our Docker containers or in GitHub for security reasons).We want to store these securely so that they can be configured in Seqera Platform by System Admins and passed into Nextflow scripts without being exposed through the platform interface, similar to how cloud and repo credentials currently get configured. It would be really useful if it were possible to add any generic type of credential/secret in the
Credentials
section in a workspace (probably made up of a name and any number of key-value pairs) and to then be able to use those credentials like params in a Nextflow script. Unlike params, they wouldn't be exposed on the Parameters
or Configuration
tabs. As an example, when adding credentials to a workspace in Seqera Platform, you could have another option,
Other
in the Provider
drop-down which would enable you to create a credential record with the following fields (and this could get encrypted and stored): name : "benchling"
token : "xyz"
You could then reference that credential in a Nextflow script, something like this:
$credentials.benchling.token
The platform would pass those credentials to the script without exposing them on the Seqera Platform interface.
Rob Newman
acknowledged