v8
Search
⌃K

Application I/O

Following page describes for an iExec application:
Mastering all sections in detail is not required, only pick what you need for your particular use-case.

Application Inputs

The different kinds of input are listed below:
name
type
confidentiality
provider
args
string
public
requester
files
public
requester
strings
secret*
requester
dataset
file
secret*
requester/ third-party
string
secret*
app developer
* secret inputs are only available in Confidential Computing tasks.

Args

The requester uses args to pass non-sensitive arguments to the app.

Provisioning args

args are defined by the requester via requestorder params.iexec_args.
requestorder
{
...
"params": {
...
"iexec_args": "do something"
...
}
...
}

Consuming args

args are forwarded as they are, straight to the application.

Input files

The requester uses input files to pass non-sensitive files to process.

Provisioning input files

input files are defined by the requester via a list of download URLs in requestorder params.iexec_input_files.
requestorder
{
...
"params": {
...
"iexec_input_files": [
"https://example.com/file.txt",
"https://example.com/image.jpeg"
]
...
}
...
}

Consuming input files

Each input file is downloaded in the IEXEC_IN directory and gets its name exposed to the application via IEXEC_INPUT_FILE_NAME_x (where x is the index of the file starting with 1).
Input files count is exposed via IEXEC_INPUT_FILES_NUMBER.

Requester secrets

The requester uses requester secrets to securely pass secrets to the application.

Provisioning requester secrets

The requester pushes named secrets to the SMS.
The requester defines a mapping of secret names onto secret numbers via requestorder params.iexec_secrets (secrets numbers must be strictly positive).
requestorder
{
...
"params": {
...
"iexec_secrets": {
"1": "my-login",
"2": "my-password"
}
...
}
...
}

Consuming requester secrets

Each requester secret is exposed to the application in IEXEC_REQUESTER_SECRET_x where x is the secret number set by the requester.

Dataset

The requester uses a dataset to use third-party confidential data in the application.

Provisioning a dataset

The dataset provider creates a dataset and defines the governance in datasetorders.
The requester specifies the dataset to use via requestorder dataset.
requestorder
{
...
"dataset": "0x915F00E3A45e7A78aa21401D0398109f795D8bcA",
"datasetmaxprice": "0"
...
}

Consuming a dataset

The dataset file is downloaded and decrypted on the fly in the IEXEC_IN directory. It gets its name exposed to the application via IEXEC_DATASET_FILENAME.
The dataset address is also exposed via IEXEC_DATASET_ADDRESS.

App developer secret

The developer uses an app developer secret to inject an immutable secret into the application.

Provisioning an app developer secret

The app developer pushes an app developer secret to the Secret Management Service.
Once pushed, an app developer secret cannot be modified.

Consuming an app developer secret

The app developer secret is exposed to the application in IEXEC_APP_DEVELOPER_SECRET

Runtime variables

Runtime variables are environment variables set by the iExec protocol and available for your application.

Input variables

Name
Type
Content
IEXEC_IN
path
Absolute path of iexec input folder
IEXEC_INPUT_FILES_NUMBER
int >= 0
Total number of input files
IEXEC_INPUT_FILE_NAME_x
string or unset
Name of the input file indexed by x (x starts with 1)
IEXEC_REQUESTER_SECRET_x
string or unset
requester secret number x (x starts with 1)
IEXEC_DATASET_FILENAME
string or unset
Name of the dataset file
IEXEC_DATASET_ADDRESS
address
ethereum address of the dataset used (or address zero)
IEXEC_APP_DEVELOPER_SECRET
string or unset
app developer secret

Other variables

Name
Type
Content
IEXEC_OUT
path
Absolute path of iexec output folder
IEXEC_TASK_ID
bytes32
taskid of the running task
IEXEC_BOT_TASK_INDEX
int >= 0
Index of the current task in the Bag of Tasks*
IEXEC_BOT_FIRST_INDEX
int >= 0
Index of the first task in the current Deal (Bag of task* subset)
IEXEC_BOT_SIZE
int >= 1
Total number of parallelized tasks in a Bag of Tasks*
* The requester may request multiple tasks in a single requestorder (Bag of Tasks), a unique index is given to each task of the bag.

Application outputs

An iExec application produces a result archive (zip file) for the requester with the following tree:
result.zip
├── stdout.txt
├── stderr.txt
├── computed.json
└── ...
  • The iExec worker automatically creates stdout.txt and stderr.txt containing the logs of your application.
  • Your application must create the computed.json file in IEXEC_OUT when the computing is over.
  • Any file placed in IEXEC_OUT will also be added to the result archive.
Your application must always create a computed.json file in the iExec output directory as a proof of execution.
It contains at least a field deterministic-output-path which is the path of the deterministic portion of your results (file or a non-empty folder) and is required for the proof of execution (this file should always be the same when same inputs are given).
computed.json could look like { "deterministic-output-path" : "/iexec_out/result.txt" }.
The computed.json file is compared across replicated tasks in the Proof of Contribution protocol to achieve a consensus on workers.
For Developers - Previous
Technical references
Next - For Developers
Manage your orders
Last modified 1mo ago