Specify a KMS key for creating secrets
long-term
Evergreen Iguana
When adding an AWS Secrets Manager, is it possible to specify which KMS key is used for creating secrets? This will help any secrets managed by Harness and hosted in SecretsManager be accessed by other accounts.
Abhishek Thamman
long-term
Imaginative Mockingbird
Hi Prateek Mittal, currently when adding a new secret Harness just defaults to the key maintained by AWS. However, one current use case brought to my attention would be the requirement for secrets to be created and managed with specific customer-managed keys. Unfortunately, with our current implementation, users in this scenario are required to create the key initially using the AWS-maintained key, then follow up either via the AWS console or via the AWS CLI and manually specify the ARN for the KMS key ID the user wanted to initially create the secret with. This makes secret creation a manual 2-step process for users who find themselves in this situation (especially for multiple secrets). The ask would be to add an input field when creating an AWS SM connector to optionally specify a specific key ID to be utilized when creating new secrets.
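The manual second step described in the comment above, scripted for many secrets at once. This is an added example, not Harness code or part of the thread; the `harness/` name prefix, the key ARN in the usage line and the assumption that the target key is given as a full ARN are all illustrative.

```python
import sys

DEFAULT_ALIAS = "alias/aws/secretsmanager"  # AWS managed key for Secrets Manager


def on_default_key(secret):
    """ListSecrets omits KmsKeyId when the AWS managed key protects the secret."""
    key = secret.get("KmsKeyId")
    return key is None or key.endswith(DEFAULT_ALIAS)


def rekey_secrets(client, target_key_arn, name_prefix, dry_run=True):
    """Point every default-key secret under name_prefix at target_key_arn.

    Secrets already on another customer-managed key are reported, not changed.
    Assumes target_key_arn is a full key ARN (compared by string equality).
    """
    result = {"rekeyed": [], "already_target": [], "other_key": []}
    kwargs = {"Filters": [{"Key": "name", "Values": [name_prefix]}]}
    while True:
        page = client.list_secrets(**kwargs)
        for secret in page.get("SecretList", []):
            name = secret["Name"]
            if secret.get("KmsKeyId") == target_key_arn:
                result["already_target"].append(name)
            elif on_default_key(secret):
                if not dry_run:
                    client.update_secret(SecretId=secret["ARN"],
                                         KmsKeyId=target_key_arn)
                result["rekeyed"].append(name)
            else:
                result["other_key"].append(name)
        token = page.get("NextToken")
        if not token:
            return result
        kwargs["NextToken"] = token


if __name__ == "__main__":
    # Usage: rekey.py <kms-key-arn> <secret-name-prefix> [--apply]
    import boto3  # imported here so the functions above accept any client object

    key_arn, prefix = sys.argv[1], sys.argv[2]
    report = rekey_secrets(boto3.client("secretsmanager"), key_arn, prefix,
                           dry_run="--apply" not in sys.argv)
    for status, names in report.items():
        print(status, len(names), *names)
```

Without `--apply` the script only reports what it would change. For the cross-account access mentioned in the original request, re-keying is not sufficient on its own: the customer-managed key's policy and the secret's resource policy must both grant access to the other account.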
Prateek Mittal
pending feedback
Prateek Mittal
This is not supported today. We use the default KMS key.
What is the need to specify a different KMS key? Can you explain the reasoning?
Prateek Mittal
under review