We have observed that secrets in Harness pipelines are being resolved at the stage level instead of the step level. This creates an issue in scenarios where multiple steps within the same stage use the same secret.

Issue Example:

Step 1 uses a secret and runs successfully.

While Step 1 is still running, we update the secret in Harness.

Step 2 (which also uses the same secret) starts execution after the update.

Expected: Step 2 should fetch and use the updated secret.

Actual: Step 2 still uses the old value, since the secret was already resolved at stage start.

Impact:

This behavior can cause incidents if a secret is updated while a pipeline is running. Any subsequent steps in that stage will continue to use the outdated secret, leading to failures.

Feature Request:

We would like Harness to resolve secrets at the start of each step (not at stage initialization), ensuring that any updated secret values are correctly picked up during pipeline execution.