Hi, Im looking at how to get securely manage secrets for tasks running in a multi tenant Aurora cluster. My current thinking is to use Vault to store the secrets then have a custom executor which uses something known about the task to fetch the secrets from Vault, to do this though I need to have a way to know in advance a key for a task to lookup in Vault, which can not be set by the users. Ideally this would be the job key, which is set by the scheduler, but as far as I can see the executor has no knowledge of the scheduler (by design) and that it does not get passed the job key via the task.json, or any other metadata.
My question is, is there anyway for a custom executor to find out what the tasks job key is that it is launching? Or has anyone found a better solution for managing secrets for tasks? Thanks
