[FEATURE] Support system/environment variable substitutions

[dbwiddis]

Is your feature request related to a problem?

API credentials (access key, user/password, etc.) are needed for some workflow steps and should not be stored in a workflow, but may be available on the user's personal machine (as an environment variable) or passed on the command line at program start (the -E switch on OpenSearch). We need a way to do run-time substitutions based on available environment parameters or system properties. These values should not be stored (unencrypted) with the workflow, however.

What solution would you like?

Have a designated workflow substitution like ${env.FOOBAR} that fetches System.genEnv() with a possible override from System.getProperty("FOOBAR") at a minimum.

This step should ideally occur right before they're encrypted.

Do you have any additional context?

There are more complicated ways of fetching the info, such as from a server, that we can fetch later.

[dbwiddis]

To be clear on the use case/benefit of this:

• Two users can have an identical workflow template file, but each has their own API key. They can both run the same template text but it'll act differently on their machines.
• WE can put a template in CI for testing and use GitHub secrets to enable it on particular API endpoints

[dbwiddis]

After further consideration, I've realized this idea was born of local testing convenience and isn't really useful.

The use of environment variables requires them to be present on every node, which isn't practical. There's a possibility that properites might be passed on the command line, but that's highly unlikely for the envisioned use case here of runtime credential substitution.