Add a secret manager
Harness includes a built-in Secret Management feature that enables you to store encrypted secrets, such as access keys, and use them in your Harness Connectors and Pipelines.
Looking for specific secret managers? Go to:
- Add an AWS KMS Secret Manager
- Add a HashiCorp Vault Secret Manager
- Add an Azure Key Vault Secret Manager
- Add Google KMS as a Harness Secret Manager
- Add an AWS Secrets Manager
Before you begin
Step 1: Configure Secret Manager
Select your Account, Organization, or Project.
In Setup, select Connectors.
Create a new Connector. The Connectors page appears.
Under Secret Managers, select a Secret Manager type.
Go to:
Provide the account access information for the new secret manager.
If you choose to set this secret manager as the default, select Use as Default Secret Manager.
Click Finish.
When a new Default Secret Manager is set up, only new Cloud Provider and/or Connector secret fields are encrypted and stored in the new Default Secret Manager. Cloud Providers and Connectors that were created before the modification are unaffected.
Secret manager scope
You can add secrets to the Org or Project scopes using a Secret Manager with an Account or Org scope. For example, you can create secrets inside a project using the Secret Manager created at the Org or Account level.
When you create a secret, Harness shows the list of secret managers at the parent scope and up the hierarchy. If you create a secret at the project level, Harness lists all secret managers scoped at the Account, Org, and Project levels.
Harness creates new secrets with secret manager scope information and identifiers. Harness displays the secret manager scope on the secret list page.
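The scope rule above, modelled as an added example (not Harness code and not a Harness API): it lists which secret managers are offered for a secret at a given scope and flags secrets whose recorded secret manager is not at or above their own scope. The inventory and all names are constructed, and matching on Org and Project identifiers within a level is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Scope:
    """A scope in the Account > Org > Project hierarchy (illustrative model)."""
    account: str
    org: Optional[str] = None
    project: Optional[str] = None

    def __post_init__(self):
        if self.project is not None and self.org is None:
            raise ValueError("a project scope needs an org")

    def covers(self, other: "Scope") -> bool:
        """True when self is the same scope as other or one of its parents."""
        if self.account != other.account:
            return False
        if self.org is not None and self.org != other.org:
            return False
        return self.project is None or self.project == other.project


def selectable_managers(secret_scope, managers):
    """Secret managers listed when creating a secret at secret_scope."""
    return sorted(n for n, s in managers.items() if s.covers(secret_scope))


def out_of_scope_secrets(secrets, managers):
    """Secrets whose recorded manager is unknown or not at/above their scope."""
    return sorted(n for n, (scope, mgr) in secrets.items()
                  if mgr not in managers or not managers[mgr].covers(scope))


# Constructed inventory; every account, org, project and name is a placeholder.
MANAGERS = {
    "acct-vault": Scope("acme"),
    "payments-kms": Scope("acme", "payments"),
    "checkout-sm": Scope("acme", "payments", "checkout"),
    "platform-kms": Scope("acme", "platform"),
}
SECRETS = {  # secret name -> (secret scope, recorded secret manager)
    "checkout-db-password": (Scope("acme", "payments", "checkout"), "payments-kms"),
    "ledger-api-key": (Scope("acme", "payments", "ledger"), "checkout-sm"),
    "org-signing-key": (Scope("acme", "payments"), "platform-kms"),
    "account-token": (Scope("acme"), "acct-vault"),
}
```

A secret that this check flags points at a secret manager in a sibling Project or another Org, which the scope rule described above would not have offered at creation time.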
Where are secrets stored?
Harness stores all your secrets in your Secret Manager.
The secret you use to connect Harness to your Secret Manager (password, etc.) is stored in the Harness Default Secret Manager.