Hi there,
I have been trying for days to get Nextflow secrets to work with Seqera Platform on GCP. However, it seems to convert this config block
env { GOOGLE_GENAI_API_KEY = secrets.GOOGLE_API_KEY}
into this
env {GOOGLE_GENAI_API_KEY = 'secrets.GOOGLE_API_KEY'}
when the workflow is actually launched, i.e. converting the reference to the secret into a string, which cannot be evaluated.
I’ve tried (really hard.. it’s been very conflictual :P) to investigate with Seqera AI, which finally indicated the following:
”””
This shows you’re correctly trying to:
- Set the environment variable GOOGLE_GENAI_API_KEY
- To the value of the secret named GOOGLE_API_KEY
- Using the reference secrets.GOOGLE_API_KEY
The naming is correct. The problem is still that Nextflow is not resolving the secret and is treating secrets.GOOGLE_API_KEY as a literal quoted string instead of looking up the actual secret value.
This confirms that we have a fundamental integration issue between Nextflow’s secrets system and the Seqera Platform’s Google Secret Manager integration, even with:
- Correct secret name (GOOGLE_API_KEY)
- Correct reference syntax (secrets.GOOGLE_API_KEY)
- nf-google plugin loaded
- Proper service account permissions
- Secret exists in Google Secret Manager
The Seqera Platform + Google Cloud Batch + Nextflow secrets integration is simply not working as documented. This appears to be either a bug or a missing feature in the current implementation.
At this point, you may need to contact Seqera support about this secrets integration issue with Google Cloud Batch, as all the configuration appears correct but the system isn’t functioning.
”””
Does anyone have a better clue?