15572: Make note that secret inputs must be submitted on command line

author Peter Amstutz <peter.amstutz@curii.com>

Tue, 17 Dec 2019 16:59:19 +0000 (11:59 -0500)

committer Peter Amstutz <peter.amstutz@curii.com>

Tue, 17 Dec 2019 16:59:19 +0000 (11:59 -0500)
author Peter Amstutz <peter.amstutz@curii.com>
Tue, 17 Dec 2019 16:59:19 +0000 (11:59 -0500)
committer Peter Amstutz <peter.amstutz@curii.com>
Tue, 17 Dec 2019 16:59:19 +0000 (11:59 -0500)
diff --git a/doc/user/cwl/cwl-extensions.html.textile.liquid b/doc/user/cwl/cwl-extensions.html.textile.liquid

index d73e83ce0e679f8f0e6d072327bb229cc19a5ad2..505cfc4f597e394a4b79690aa1db972d84f1bce7 100644 (file)
--- a/doc/user/cwl/cwl-extensions.html.textile.liquid
+++ b/doc/user/cwl/cwl-extensions.html.textile.liquid
@@ -95,6 +95,8 @@ h2. cwltool:Secrets
  
  Indicate that one or more input parameters are "secret".  Must be applied at the top level Workflow.  Secret parameters are not stored in keep, are hidden from logs and API responses, and are wiped from the database after the workflow completes.
  
+*Note: currently, workflows with secrets must be submitted on the command line using @arvados-cwl-runner@.  Workflows with secrets submitted through Workbench will not properly obscure the secret inputs.*
+
  table(table table-bordered table-condensed).
  |_. Field |_. Type |_. Description |
  |secrets|array<string>|Input parameters which are considered "secret".  Must be strings.|
author	Peter Amstutz <peter.amstutz@curii.com>
	Tue, 17 Dec 2019 16:59:19 +0000 (11:59 -0500)
committer	Peter Amstutz <peter.amstutz@curii.com>
	Tue, 17 Dec 2019 16:59:19 +0000 (11:59 -0500)