Description
When Harness issues OIDC tokens for pipelines, the token currently includes claims like account_id, organization_id, project_id, pipeline_id, and connector_id.
Please add environment-related claims (for example environment_id and optionally environment_name) to these tokens.
This would allow customers to:
  • Use environment-aware conditions in their GCP (or other cloud) IAM/WIF policies (e.g., only allow certain roles when environment_id = prod, stage, etc.).
  • Strengthen their security posture by tying cloud access more tightly to Harness deployment context without having to bolt on separate metadata or side channels.
Impact / Value
  • Improves least-privilege and environment-segregation controls in cloud IAM.
  • Aligns OIDC token contents across multiple scenarios where environment context is security-relevant.
  • Reduces the need for custom glue logic (extra metadata and mapping) between Harness and cloud IAM policies.
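As an added illustration of the environment-aware IAM policy this request would enable (not Harness or Google's own code): a Terraform fragment for a GCP Workload Identity Federation provider that maps the proposed environment_id claim into a pool attribute, rejects tokens that lack it, and lets only prod-environment tokens impersonate the prod deployer service account. It assumes the claim is named environment_id as proposed above; the issuer, audience, account id and project values are placeholders.

```hcl
# Constructed example: a WIF pool and provider for Harness OIDC tokens.
resource "google_iam_workload_identity_pool" "harness" {
  workload_identity_pool_id = "harness-pool"
}

resource "google_iam_workload_identity_pool_provider" "harness" {
  workload_identity_pool_id          = google_iam_workload_identity_pool.harness.workload_identity_pool_id
  workload_identity_pool_provider_id = "harness-oidc"

  # Map token claims to pool attributes. google.subject is mandatory;
  # the existing claims plus the proposed environment_id are exposed as
  # attribute.* so they can be used in bindings and conditions.
  attribute_mapping = {
    "google.subject"           = "assertion.sub"
    "attribute.account_id"     = "assertion.account_id"
    "attribute.pipeline_id"    = "assertion.pipeline_id"
    "attribute.environment_id" = "assertion.environment_id" # proposed claim
  }

  # Fail closed: a token from the wrong account, or one without an
  # environment_id claim at all, is rejected before any binding applies.
  attribute_condition = join(" && ", [
    "assertion.account_id == \"HARNESS_ACCOUNT_ID_PLACEHOLDER\"",
    "has(assertion.environment_id)",
    "assertion.environment_id in [\"prod\", \"stage\"]",
  ])

  oidc {
    issuer_uri        = "https://ISSUER_PLACEHOLDER"   # Harness OIDC issuer
    allowed_audiences = ["AUDIENCE_PLACEHOLDER"]       # audience set on the token
  }
}

resource "google_service_account" "prod_deployer" {
  account_id = "prod-deployer"
}

# Only tokens whose environment_id attribute is exactly "prod" may
# impersonate the prod deployer; stage tokens pass the provider condition
# but match no binding here, so they get nothing in this project.
resource "google_service_account_iam_member" "prod_deployer_wif" {
  service_account_id = google_service_account.prod_deployer.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.harness.name}/attribute.environment_id/prod"
}
```

Without the environment_id claim, the same separation would have to be approximated by enumerating pipeline_id values per environment in the condition, which is the custom mapping the request aims to remove.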
Created by Pedro Mastelaro