From 2a3029bd755ac4cb708cc649f8c451feacd384b6 Mon Sep 17 00:00:00 2001 From: Peter Amstutz Date: Fri, 17 May 2024 06:49:35 -0400 Subject: [PATCH] Add text about checking correctness for secrets. --- Process.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Process.yml b/Process.yml index 1dd3c8d..8e503c2 100644 --- a/Process.yml +++ b/Process.yml @@ -828,6 +828,13 @@ $graph: type). However implementations may, at user option, treat failure to look up a secret as a fatal error. + Workflow engines should verify that, when a secret is passed + through multiple levels (e.g. from a parent workflow to a + sub-workflow to a command line tool), it is secret at every + level, for example through a check that secret inputs are only + be passed to workflow steps where the inputs are also marked + as secret, or that secret inputs to a workflow step are + themselves secret at the parent workflow level. - name: OutputParameter type: record
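Review bot: The two example checks in the added paragraph are joined by "or" as if they were interchangeable, but they test opposite directions. The first ("secret inputs are only be passed to workflow steps where the inputs are also marked as secret") stops a secret from flowing into an input that is not marked secret. The second ("secret inputs to a workflow step are themselves secret at the parent workflow level") only confirms that a step's secret input came from a secret source, and would not catch a parent-level secret wired into an unmarked step input. Suggest naming the first as the check that prevents disclosure and the second as an additional consistency check, or asking for both. In the same sentence, "are only be passed" should read "are only passed". The paragraph also does not say what an engine should do when the check fails; the context line just above lets implementations treat a failed secret lookup as a fatal error at user option, and a matching statement here would make the outcome predictable for workflow authors.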