Create, Update, Clone, and Delete Workflows

  • Updated on Feb 3, 2026
  • Published on Jun 12, 2024
  • 5 minute(s) read
Prev Next

1.0 Introduction

Workflow graphs are maps that show how generic applications are connected to datasets and other generic applications. These are collaborative objects where multiple users can provide their own objects and approvals.

Workflows play a crucial role in orchestrating the flow of data processing within the Fortanix CCM environment. They act as collaborative entities where multiple users can contribute their respective objects and approvals, creating a streamlined and organized process for managing data.

The workflow in Fortanix Confidential Computing Manager defines the sequence of actions, including draft, pending, and final:

  • Draft Workflows: These are in-progress works that lack approval and do not grant permissions to applications. They are still under development and are not ready for deployment. These workflows do not grant any permissions to applications.

  • Pending Workflows: These represents intermediate stages where the workflow has been submitted for approval but has not received unanimous approval. During this phase, applications do not have access to datasets.

  • Final Workflows: These represents versioned and protected by quorum approval. These workflows grant applications access to datasets upon receiving certificates that confirm compliance with the approved workflow. After they are approved, a final workflow can be deployed, enabling applications to securely interact with the specified data connectors and scripts.

An application running inside a final workflow is allowed to access all connected datasets. This means:

  • The enclave will have access to the protected data guarded by input datasets.

  • It can upload data to the protected locations defined by output datasets.

To move from a draft workflow to a final workflow, you require approvals. For approvals:

  • A Fortanix CCM Account Administrator will invite other users to join the account.

  • The users join the account and provide data in the form of datasets and applications/application configurations.

For example, in this article, we have the following users:

  • Account Owner

  • Data Owner

  • Application Owner

Data Owners and Application Owners collaborate on a graph. After the graph is completed, the Administrator will submit it for approval. A workflow graph must be approved by all the users of the graph.

2.0 Create a Workflow

Perform the following steps to create a workflow:

  1. Click the Workflows from the menu list in the Fortanix CCM UI.

  2. In the Workflows page, click + WORKFLOW to create a new workflow.  

    add-workflow-button.png

    Figure 1: Create Workflow Button

  3. In the CREATE NEW WORKFLOW dialog box, enter the Workflow Name, assign it to a Group and provide a Description (optional). Click CREATE WORKFLOW to access the Workflow graph.

    Figure 19.png

    Figure 2: Created the Workflow

  4. To add an application to the Workflow graph, drag the "App" icon and drop it into the graph area. Click the + APPLICATION. In the ADD APPLICATION dialog box, select an existing application name and image. For example: /simple-python-sgx:latest from the list of available application images.
    Where, <my-registry>is the location of your registry.

    Screenshot (42).png

    Figure 3: Select Application and Image

  5. Click the + ADD NEW CONFIGURATION button to either add a new application configuration or select an existing one.  

    Screenshot (43).png

    Figure 4: Add Application Configuration

  6. Add input and output datasets to the workflow graph by dragging the dataset icon and placing it in the graph area. Click the + DATASET. In the ADD DATASET dialog box, select from an existing dataset or create a new dataset. Click CREATE DATASET to create the dataset.  

    Picture1.png

    Figure 5: Add Dataset to Workflow

  7. Establish connections between the applications and input/output datasets. To do this, connect the Input Dataset to the Application by selecting the "Input" Target Port. Repeat this process to connect the Application to the Output Dataset with the "Output" Target Port.

    Screenshot (46).png

    Figure 6: Create Connection

  8. After the Workflow is complete, click the REQUEST APPROVAL button to initiate the approval process for the Workflow.  

    Screenshot (49).png

    Figure 7: Request Workflow Approval

    WARNING

    When a draft Workflow is submitted for approval, it will be removed from the drafts list and editing it directly will no longer be possible once it is in a "pending" or "approved" state.

  9. The workflow remains in a pending state until it receives approval from all users. In the Pending menu item, click SHOW APPROVAL REQUEST to approve a Workflow.  

    Screenshot (51).png

    Figure 8: Workflow Pending Approval

  10. In the APPROVAL REQUEST - CREATE WORKFLOW dialog box, you can either APPROVE or DECLINE a workflow.  

    Screenshot (52).png

    Figure 9: Approve the Workflow

    NOTE

    • A user can also approve/decline a Workflow from the CCM Tasks menu item.

    • Notice that the users who have approved the workflow have a green tick  WorkflowEx27.png against their icon.

  11. All the users of a Workflow must approve the Workflow to finalize it. If a user declines a Workflow, the Workflow is rejected. When all the users approve the Workflow, it is deployed.

    1. CCM configures apps to access the datasets.

    2. CCM creates the Workflow Application Configs.

    3. CCM returns the list of hashes needed to start the apps.

3.0 Edit Workflow Graphs

Perform the following steps to edit a workflow:

  1. In the Approved menu item, click the overflow menu for a workflow and select EDIT WORKFLOW to edit the workflow. When a workflow is edited, a new version of the workflow is created for editing in “draft” state. The existing version stays unchanged. For example, if the first version (Version 1) of an approved workflow “Workflow 1.0” is edited, a new version (Version 2) of “Workflow 1.0” is created.  

    Screenshot (37).png

    Figure 10: Edit a workflow

  2. Update the workflow graph with the required changes and click REQUEST APPROVAL to submit the workflow for approval.  

    CCM_workflow24.png

    Figure 11: Request edited workflow for approval

  3. A new version (Version 2) of the workflow is created in the “pending” state. Click SHOW APPROVAL REQUEST to approve the workflow.  

    CCM_workflow14a.png

    Figure 12: Edited workflow in pending state

  4. Click APPROVE to approve the workflow.  

    CCM_workflow22.png

    Figure 13: Approve the workflow

  5. After the workflow Version 2 is approved, it will be linked to Version 1. Now, the user can either delete workflow Version 1 or restore it.  

    CCM_workflow23.png

    Figure 14: Workflow version 1

4.0 Clone Workflow Graphs

A workflow is cloned when you want to create a copy of an existing workflow instead of creating it from scratch.

Perform the following steps to create a workflow clone:

  1. For an approved or draft workflow, click the overflow menu on the right and select CLONE WORKFLOW to copy the workflow. When a workflow is cloned, the new workflow is created with a modified name. For example, if the approved workflow “Workflow 1.0” is cloned, a new workflow “Workflow 1.0 (clone)” is created. The user can modify the workflow name using the Edit  CCM_workflow17.png icon next to the name.  

    Screenshot (37) - Copy.png

    Figure 15: Clone a workflow

  2. Update the workflow graph with the required changes and click REQUEST APPROVAL to submit the workflow for approval.

  3. A new workflow is created in the “pending” state.

5.0 Delete Workflow Graphs

Perform the following steps to delete a workflow:

  1. For an approved workflow, click the overflow menu on the right and select DELETE WORKFLOW to delete the workflow.  

    Screenshot (38) - Copy.png

    Figure 16: Delete a workflow

  2. In the DELETE WORKFLOW dialog box, click DELETE to confirm.

  3. The workflow is deleted.

Related articles