Certificate management is one example of a complex workflow that is implemented in a distributed computing environment. Certificate management involves the periodic rotation of secrets and certificates between multiple distributed computing systems. These distributed computing systems include a client system seeking services, a service principal that provides the services, and a key repository that maintains and generates the certificates that are used to control access to the services. For example, a client website can interface with a service principal for cloud services, which are provided to the client website once it has been authenticated by providing a valid certificate to the service principal.
One example of a service principal is Microsoft's Azure Active Directory (AAD), which is configured to provide various services including virtual machines and other cloud resources to an authenticated client. A corresponding example of a key repository is Microsoft's Azure Key Vault (AKV), which periodically creates, stores and provides new certificates that are used by the service principal and the client to authenticate the client's access to the AAD services.
During execution of a certificate management workflow, it is critical that the certificates are created, stored and used in the proper order by the various distributed systems. Otherwise, a client can get locked out of the services that are hosted by the service principal and critical data can be lost.
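The ordering dependency described above can be illustrated with a small in-memory model, added here as an example and not taken from the original text. The class names, the step names and the particular safe order (register the new certificate with the service before the client presents it, and revoke the old one last) are assumptions made for illustration.

```python
# Constructed in-memory model; no real key-repository or service-principal API is called.
class KeyRepository:                      # hypothetical stand-in for the key repository
    def __init__(self):
        self.versions = []
    def create(self):
        self.versions.append(f"cert-v{len(self.versions) + 1}")
        return self.versions[-1]

class ServicePrincipal:                   # hypothetical stand-in for the service principal
    def __init__(self):
        self.trusted = set()
    def authenticate(self, cert):
        return cert in self.trusted

# Assumed safe order: the service trusts the new certificate before the client
# presents it, and the old certificate is revoked only after the client has switched.
SAFE_ORDER = ["create", "register", "reload", "revoke_old"]

def rotate(order):
    """Run the rotation steps in `order`; after each step record whether the
    client's current certificate still authenticates."""
    repo, sp = KeyRepository(), ServicePrincipal()
    old = repo.create()
    sp.trusted.add(old)
    client = {"cert": old}                # the certificate the client presents
    new = {}
    steps = {
        "create":     lambda: new.update(cert=repo.create()),
        "register":   lambda: sp.trusted.add(new["cert"]),
        "reload":     lambda: client.update(cert=repo.versions[-1]),
        "revoke_old": lambda: sp.trusted.discard(old),
    }
    results = []
    for name in order:
        steps[name]()
        results.append((name, sp.authenticate(client["cert"])))
    return results

def first_lockout(order):
    """Return the step at which the client first fails to authenticate, else None."""
    return next((name for name, ok in rotate(order) if not ok), None)

if __name__ == "__main__":
    for order in (SAFE_ORDER,
                  ["create", "reload", "register", "revoke_old"],
                  ["create", "register", "revoke_old", "reload"]):
        print(order, "-> lockout at:", first_lockout(order))
```

In this model the same four steps either complete with the client authenticated throughout or lock the client out, depending only on the order in which they run.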
The order of execution can also be important for other complex workflows that are implemented in distributed computing environments. Accordingly, some complex workflows are designed to run as transactions with tight control over the order of operations. However, in such transactional workflows, a failure of a single workflow process will often cause the entire workflow to fail.
Other complex workflows are designed with live-site operations and/or one-off scripts that are configured to run independently from the rest of the workflow. This design, however, can expose the overall workflow to inconsistencies and disordered execution and, ultimately, to overall workflow failure.
Accordingly, there is an ongoing need for improved systems and techniques for designing and running workflows, particularly complex workflows in distributed computing environments. It will be appreciated, however, that the subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practiced.