I need to run some pre-processing logic before some job worker of a service task is run. In my pre-processing logic, I need to obtain secret information and pass it to the job worker. This is secret information, so it must not be visible in operate. I was thinking of using custom headers since I cannot use variable.
I tried execution listener on the service task. Seems like I couldn’t set the custom headers here. Is there anyway to pass these secret information to the service task’s job worker?
Hi @khew.
Please refer here for possible ways to use secrets:
And also you could directly inject your secrets into your job workers inside your application (e.g. autowiring via spring boot or getting them from a vault). If your job workers don’t save those secrets as variables, they won’t be visible in operate.
You cannot use service task headers for that. They are meta-data and belong to the process model, not to the process instance (Service tasks | Camunda 8 Docs).
I think you should implement this behaviour directly in your worker by implementing it in a base class like in this simple example or similar (using simply classic OO in java):
import io.camunda.zeebe.client.api.worker.JobHandler;
public abstract class BaseWorker implements JobHandler {
protected String secretInformation;
public BaseWorker() {
this.secretInformation = "secretInformation";
}
}
and in your worker:
import io.camunda.zeebe.client.api.response.ActivatedJob;
import io.camunda.zeebe.client.api.worker.JobClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class ServiceWorker extends BaseWorker {
private static final Logger logger = LoggerFactory.getLogger(ServiceWorker.class);
@Override
public void handle(JobClient client, ActivatedJob job) {
logger.debug(secretInformation);
}
}
So sorry, I should have answered earlier. I’m swamped with work :(.
Thank you for your answer. It is clear I couldn’t use the custom headers. I guess at the moment, we will go with something like Adam proposal, where in the job worker, we would reach out to another microservice that manage all these secret. Just for everyone information, we are doing this simply because Camunda doesn’t allow us to have hidden variables, as we often need to pass sensitive data within our processes, not just client-id-secret but GDPR data.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.