Allow HMAC Webhook secrets to be pulled from external KMS such as vault/AWS/GCP etc
long-term
F
Firm Whippet
Currently harness HMAC webhooks can only be configured to use secrets stored in the harness secretes manager. We would like to use vault to store our secrets and the webhook to be configured to pull the secret from vault when triggered.
Log In
Prateek Mittal
long-term
Prateek Mittal
under review
Rohan Gupta
Merged in a post:
Add HMAC authentication to outbound webhooks channels for global notification
E
Electric violet Wildcat
We're looking to use the Global Notifications configuration in harness to send webhooks for all events across the harness account. At the moment this doesn't support authentication. Is it possible that this is already on the roadmap?
The way this typically works is that it's possible to configure a pre shared secret for Webhook events channels (like in github, gitlab, bit bucket etc), then a header is added that includes the HMAC signature of the message. The receiver of the webhooks then authenticates the messages using HMAC. This doesn't seem to be possible for outbound webhooks from harness today.