When a <+secrets.getValue(...)> expression references a secret path that does not exist, Harness currently substitutes an empty or null value and continues pipeline execution without throwing an error.

This behavior is silent regardless of whether the secret manager connector is configured to connect via delegate or via Harness Platform, though the Platform (cloud-side) path is particularly opaque since resolution errors are not propagated back to the pipeline at all.

The expected behavior is that a missing secret should be treated as a hard failure, and the pipeline should be stopped immediately with a clear error indicating which secret path could not be resolved.

This would prevent downstream failures that are difficult to diagnose, in this case, a Kubernetes Job crashing with BackoffLimitExceeded, which appears unrelated to secret resolution.

Affected areas: secret expression rendering in Helm values files, Native Helm deployments, secret manager connectors using Platform-side connectivity.