I’m concerned about the security implications for how files stored in the Hub secrets store are handled locally by KNIME AP. My findings are as follows - can someone please alleviate my concerns or understanding, or is this an actual risk?
To reproduce:
I dutifully placed a key (p8 file) in KNIME Hub’s secrets. I then used a KNIME Hub Authenticator in my AP workflow to authenticate to KNIME Hub, and connected that to a Secrets Retriever node (screenshot).
The Secrets Retriever node is configured to pull that p8 file (screenshot).
When it executes, the p8 file is written to the workflow’s data area (screenshot) on the local machine, and is readable. A portion of the name of the file to the write is slightly altered with several hex numbers, but the portion on the left matches e.g. this_is_my_secret_keyfil324cef5ded5f4121.p8
When the Secrets Retriever node resets, the p8 file disappears. When I close the workflow, the p8 file also disappears.
However, KNIME AP:
Does write the file to the LOCAL repo on the local disk, which makes it potentially accessible by other processes.
Cannot clean up after itself properly in case it crashes. This can leave files accessible indefinitely. This is how I noticed the issue.
Per the Secrets Guide webpage, the secrets are not stored when it is saved for security reasons, but p8 files appear locally regardless of whether the workflow is saved.
this is a limitation of file-based secrets, which need to be stored locally while the workflow is executed because they are consumed by third-party libraries (for example JDBC drivers). These libraries usually only support local file system paths and cannot work with in-memory representations.
We agree that the workflow data area is not an ideal location for storing such temporary secret files. In a rare edge case—if KNIME crashes before the temporary file is deleted—this could lead to involuntary sharing of secrets when a workflow is exported and shared with another person. To address this, we will revisit the storage location to prevent involuntary sharing (internal ticket AP-25574).
It’s also important to note that this is only an issue during local execution. On the KNIME Hub, a copy of the workflow is created for execution. The secret file is then stored in the data area of this copied workflow, which is deleted automatically once the job itself is deleted even if it crashed.
Tobias, thanks for that explanation - I’m glad it’s a known/considered issue. The rare edge case is what I believe caused my files to be left behind - several workflows open with the file on disk, and then it crashes (could also be power loss - not always AP’s fault )
)