nextflow secrets does not work with secrets that contain $

[jdidion]

Bug report

A secret that contains a $ character results in an error when running a task configured to use the secret. The problem looks to be that that when the .nf-XXX.secrets file is generated, it contains export commands with double-quoted rather than single-quoted values.

Expected behavior and actual behavior

I expect that there will be no restrictions on the characters that I can store in secrets.

Steps to reproduce the problem

main.nf:

process secret_test {
  secret 'FOO'
  script:
    """
    echo '\$FOO'
    """
}

workflow {
  secret_test()
}

nextflow secrets set FOO '$bar'
nextflow run main.nf`

Program output

/dev/stdin: line 2: bar: unbound variable

The ~/.nextflow/secrets/.nf-XXX.secrets file contains:

export FOO="$bar"

Environment

• Nextflow version: 23.10.1
• Java version: 11.0.21
• Operating system: macOS
• Bash version: zsh 5.9

[pditommaso]

Tricky, @marcodelapierre you may want to give it a try

[marcodelapierre]

Given a first look.

@pditommaso, was there a specific rationale for using double quotes in the export definitions of secrets?

At this stage, I am considering whether one of these might be a viable solution (still under investigation):

1. use single quotes instead of double quotes in the secrets file definition
2. allow flexibility via specific nextflow secrets set option, e.g. --single-quote or similar
3. allow flexibility by mirroring Bash export behaviour, and hence adapt definition based on the string input by the user (does the user string contain single vs double quotes?)

[pditommaso]

Maybe this is the best solition

nextflow/modules/nextflow/src/main/groovy/nextflow/processor/TaskProcessor.groovy

Line 2089 in e2e6081

script << /export $name="${Escape.variable(value)}"/