We are currently implementing Harness IDP workflows to trigger pipelines using a service account-based token for scalability and controlled access.
As part of our design:
IDP workflows trigger pipelines on behalf of users.
We plan to use a service account token (instead of user tokens).
End-user identity (email) will still be passed for auditability.
Current Understanding / Constraint
From our discussions and previous inputs:
IDP workflows can retrieve tokens only from Harness Secret Manager
External secret managers (e.g., Vault) may not be supported for this use case.
As per this ticket reference:
We can only use Harness Secret Manager for Vault and not the Enterprise Vault. I am creating this feature request to enable Enterprise Vault for the IDP module in Harness. Thanks.