Skip to content

Add -user-secret and -workspace-secret flags to nextflow launch#7040

Merged
bentsherman merged 5 commits intonextflow-io:masterfrom
rnaidu-seqera:fix/nextflow-launch-workspace-secrets
Apr 28, 2026
Merged

Add -user-secret and -workspace-secret flags to nextflow launch#7040
bentsherman merged 5 commits intonextflow-io:masterfrom
rnaidu-seqera:fix/nextflow-launch-workspace-secrets

Conversation

@rnaidu-seqera
Copy link
Copy Markdown
Contributor

@rnaidu-seqera rnaidu-seqera commented Apr 16, 2026
edited
Loading

Summary

nextflow launch submits jobs to Seqera Platform via the /workflow/launch API but never includes userSecrets or workspaceSecrets in the request payload. As a result, Platform has no secrets to store in AWS Secrets Manager for the run, yet the Batch job environment always has NXF_ENABLE_SECRETS=true set — causing Nextflow to attempt and fail to fetch secrets that were never stored.

This is inconsistent with a LaunchPad-initiated run, where the UI gathers secret selections from the user and includes them in the same API request. This bug was reported via the Support Team.

Changes

  • Added -user-secret and -workspace-secret CLI flags to CmdLaunch (can be specified multiple times, one secret name per flag)
  • Added userSecrets and workspaceSecrets fields to LaunchOptions
  • Wired both fields into buildLaunchRequestPayload() in LaunchCommandImpl so they are included in the API request to Platform

Usage

nextflow launch <pipeline-repo> \
    -r main \
    -profile awsbatch \
    -workspace-secret DRAGEN_USERNAME \
    -workspace-secret DRAGEN_PASSWORD \
    -user-secret MY_USER_SECRET

Testing

Added two tests to LaunchCommandImplTest.groovy in the existing Launch Request Building Tests section:

  • should include workspace and user secrets in launch request — verifies that when -user-secret / -workspace-secret values are provided, they appear in the API payload as a Set
  • should not include secrets in launch request when none provided — verifies that when no secrets are specified, neither key appears in the payload at all

Related

Closes #7039

@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 16, 2026
edited
Loading

Deploy Preview for nextflow-docs-staging ready!

Name Link
🔨 Latest commit 96be0b5
🔍 Latest deploy log https://app.netlify.com/projects/nextflow-docs-staging/deploys/69f0ab3cf0b5430008621b41
😎 Deploy Preview https://deploy-preview-7040--nextflow-docs-staging.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@rnaidu-seqera
added fix for nextflow launch to include workspace secrets
753501c 
Signed-off-by: Rashmi Naidu <rashmi.naidu@seqera.io>
@rnaidu-seqera
add tests for user and workspace secrets in launch request
5324df4 
Signed-off-by: Rashmi Naidu <rashmi.naidu@seqera.io>
@rnaidu-seqera rnaidu-seqera force-pushed the fix/nextflow-launch-workspace-secrets branch from f911e81 to 5324df4 Compare April 16, 2026 20:05
ewels
ewels approved these changes Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@ewels ewels left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, though please add some docs :)

'cc @christopher-hakkaart for visibility.

@christopher-hakkaart
Add minimal docs
388b190 
Signed-off-by: Christopher Hakkaart <christopher.hakkaart@gmail.com>
@christopher-hakkaart christopher-hakkaart requested a review from a team as a code owner April 20, 2026 03:05
@christopher-hakkaart
Copy link
Copy Markdown
Collaborator

christopher-hakkaart commented Apr 20, 2026

@rnaidu-seqera - I've added some minimal docs. Can you please check for accuracy?

rnaidu-seqera
rnaidu-seqera commented Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@rnaidu-seqera rnaidu-seqera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, thanks @christopher-hakkaart!

@pditommaso pditommaso requested a review from bentsherman April 25, 2026 10:00
@bentsherman bentsherman added this to the 26.04 milestone Apr 27, 2026
@bentsherman bentsherman changed the title add -user-secret and -workspace-secret flags to nextflow launch Add -user-secret and -workspace-secret flags to nextflow launch Apr 28, 2026
@bentsherman bentsherman merged commit 5304510 into nextflow-io:master Apr 28, 2026
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ewels ewels ewels approved these changes

@bentsherman bentsherman bentsherman approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

26.04

Development

Successfully merging this pull request may close these issues.

Nextflow launch does not propagate workspace secrets to Seqera Platform jobs

4 participants

@rnaidu-seqera @christopher-hakkaart @ewels @bentsherman