Alternative Authentication Method for Secret Managers
under review
Vocal Frog
I understand the need for using the Harness secret manager to avoid additional credential lookups. However, I believe there could be a workaround that doesn't require it. We could use a Vault or AWS secret manager with IAM delegate authentication, which doesn't need credential storage. This could be enforced during secret manager creation to ensure the secret manager used for credential storage doesn't require authentication credential storage. Detection could be added during secret extraction to identify multiple 'hops' and fail with a meaningful message if necessary.
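The hop detection proposed in the post above, sketched as an added example (not part of the original post and not Harness code). The `SecretManager` model, the auth mode names, and the `max_hops` limit are hypothetical assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

CREDENTIAL_FREE = {"builtin", "iam_delegate"}  # auth modes with nothing to look up

class SecretHopError(Exception):
    """Raised when reading a secret would need too many credential lookups."""

@dataclass(frozen=True)
class SecretManager:  # hypothetical model, not a Harness type
    name: str
    auth: str  # "builtin", "iam_delegate" or "stored_credential"
    credential_in: Optional[str] = None  # manager holding this manager's own credential

def resolution_chain(managers: Dict[str, SecretManager], start: str, max_hops: int = 1) -> List[str]:
    """Return the managers contacted, in order, to read a secret held in `start`."""
    chain: List[str] = []
    current: Optional[str] = start
    while True:
        path = " -> ".join(chain + [str(current)])
        if current not in managers:
            raise SecretHopError(f"unknown secret manager in chain: {path}")
        if current in chain:
            raise SecretHopError(f"circular credential reference: {path}")
        chain.append(current)
        mgr = managers[current]
        if mgr.auth in CREDENTIAL_FREE:
            return chain  # this manager authenticates without a stored credential
        if len(chain) - 1 >= max_hops:
            raise SecretHopError(
                f"'{mgr.name}' needs a stored credential, exceeding {max_hops} hop(s): {path}")
        current = mgr.credential_in

# Constructed sample configuration.
MANAGERS = {m.name: m for m in [
    SecretManager("vault_iam", "iam_delegate"),
    SecretManager("vault_token", "stored_credential", "vault_iam"),
    SecretManager("aws_keys", "stored_credential", "vault_token"),
    SecretManager("loop_a", "stored_credential", "loop_b"),
    SecretManager("loop_b", "stored_credential", "loop_a"),
]}

if __name__ == "__main__":
    for name in MANAGERS:
        try:
            print(name, "ok:", resolution_chain(MANAGERS, name))
        except SecretHopError as err:
            print(name, "rejected:", err)
```

The same function can run at secret manager creation time to reject a configuration before any secret is stored in it.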
Prateek Mittal
Hi Jesse,
Harness Platform supports both use cases: you can use the Harness built-in secret manager or an external secret manager.
We as a platform don't want to enforce that a secret manager can only use a passwordless method. Instead, customers can create a connector and restrict the edit permission on it using RBAC.
Please let me know and we can further discuss on the call.
Thanks,
Prateek
Abhishek Thamman
under review
Abhishek Thamman
long-term