From e50ffbbb24a89a076fd1c97d4f7392f4381636d8 Mon Sep 17 00:00:00 2001
From: Charles d'Avernas <charles.davernas@neuroglia.io>
Date: Thu, 9 Jan 2025 19:08:20 +0100
Subject: [PATCH] Add a warning about using the `$secrets` runtime expression
 Closes #979

Signed-off-by: Charles d'Avernas <charles.davernas@neuroglia.io>
---
 dsl.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dsl.md b/dsl.md
index fe44f3ad..19900b22 100644
--- a/dsl.md
+++ b/dsl.md
@@ -348,6 +348,7 @@ When the evaluation of an expression fails, runtimes **must** raise an error wit
 | workflow | [`workflowDescriptor`](#workflow-descriptor) | Describes the current workflow. |
 | runtime | [`runtimeDescriptor`](#runtime-descriptor) | Describes the runtime. |
 
+⚠️ **Warning**: Use `$secrets` with caution: incorporating them in expressions or passing them as call inputs may inadvertently expose sensitive information.
 
 ##### Runtime Descriptor
 
@@ -406,6 +407,8 @@ The following table shows which arguments are available for each runtime express
 | Task `export.as` | Transformed task output | `$context` | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
 | Workflow `output.as` | Last task's transformed output | Transformed workflow output | ✔ | | | ✔ | | ✔ | ✔ | |
 
+⚠️ **Warning**: Use `$secrets` with caution: incorporating them in expressions or passing them as call inputs may inadvertently expose sensitive information.
+
 ### Fault Tolerance
 
 Serverless Workflow is designed with resilience in mind, acknowledging that errors are an inevitable part of any system. The DSL provides robust mechanisms to identify, describe, and handle errors effectively, ensuring the workflow can recover gracefully from failures.