Hi all,
I’ve only just discovered the Nextflow secrets feature and wondered if there was some way I could set secrets without using the command line. For example, if I had a dotfile somewhere in my home directory, could I use groovy to set secrets based on the contents of that file?
Thanks!
–Nick
Hi @nrminor,
The goal of Nextflow Secrets is precisely not having the secret exposed as raw text in your environment, so you need the CLI to set it. You can always have a bash script setting the secrets and running it prior to Nextflow (either manually, or using beforeScript), but ideally you should use the CLI.
A community member made nf-dotenv for loading variables from an environment file: GitHub - fulcrumgenomics/nf-dotenv: Automatically source dotenv files into your Nextflow scope
Thanks @Adam_Talbot - that’s exactly what I was looking for. And understood @mribeirodantas, although I’m under the additional constraint that I’m trying to keep secrets out of both a shared shell history and the environment.
To make matters worse, the pipeline I wanted this for will be running in a shell script in an HTCondor job, such that every time the job runs, it would need to set secrets with the CLI. Only being able to set secrets in the command line encourages putting secrets in the condor script in this case, which I’d like to avoid. Instead, I’d prefer to just pull from a global dotfile that’s not checked into a VCS, and it looks like the plug-in will make that possible.