Support for migrating secrets from one Secrets Manager (SM) to another SM
rejected
G
Golden Condor
We know we can migrate all secrets from one Secret Manager (SM) to another Secret Manager; however, we need an option to migrate a specific secret from one SM to another SM. Could you please provide us with this option?
Log In
V
Visiting Puffin
Prateek Mittal - I think you should reconsider this ask.
I'll elaborate on the need and what the pain points were.
Given that we do not want to enable the 'force delete' option at the account level due to known impacts, we are forced to go through each secret for each project and clean up all of the references to the existing secret just to delete and recreate a new secret in a different secrets manager. This is because without using the same secret name and same secret ID, you cannot easily clean up a secret and creates tons of impact since everything is referencing the original ID with the inability to delete the secret due to the references. This results in many users manually using the references tab to track down upwards of hundred(s) of references for a single secret. Manually clean those up and move on to the next secret (again potentially hundreds). It's a terrible experience and I would like to see some form of functionality that removes the toil above. We have hundreds of teams we have to manage and simply enabling the force delete option at the account level gives everyone too much power. Especially when you consider that all INLINE secret references straight up get deleted from AWS Secrets Manager resulting in unknown secret values (obviously teams should keep track of their passwords but it happens). We are trying to make all of this well known but its too risky to give out that power given that many users don't understand what Harness is doing behind the scenes.
At a very minimum, we would need the ability to enable force delete for specific projects and not on the entire account so we can at least try to push a model of opting into those settings. I believe I submitted a separate enhancement for that.
Canny AI
Merged in a post:
Ability to transfer an existing secret to a new secrets manager.
V
Visiting Puffin
It's a painful experience to delete all of the references to a resource when trying to recreate a secret in a new secrets manager. I'm aware of force delete but we have many users and some of them shouldn't have the ability to delete these underlying references. I think this functionality would make this a better user experience and would not require a team without force delete enabled at the account (the only option at the moment) to delete all their references before being able to delete and recreate.
Prateek Mittal
rejected
Prateek Mittal
Hi Vijay,
Following up on this if you are still facing it.
I assume you have moved to an external secret manager and using secret references instead of using Harness Secret Manager.
Thanks,
Prateek
J
Julep green Cobra
Hi Prateek,
Thank you for response, we are not asking for get the secret from Vault,
We would like to migrate a secret (one ) from one secret manager to another secret manager, currently we can migrate all secrets from one secret manager to another secret manger, however we need is an option to migrate a secret instead of all.
If you still have questions yeah please lets have call.
Prateek Mittal
Hi, Thanks for sharing the feedback. Can you please elaborate the scenario? Is the ask regarding Harness Secret Manager and what is the format you will be interested to get this secret.
Currently, what is the workflow to get the secrets? Please let me know if we can discuss this on a call.
Thanks,
Prateek
J
Julep green Cobra
Prateek Mittal:
Hi Prateek,
Thank you for response, we are not asking for get the secret from Vault,
We would like to migrate a secret (one ) from one secret manager to another secret manager, currently we can migrate all secrets from one secret manager to another secret manger, however we need is an option to migrate a secret instead of all.
If you still have questions yeah please lets have call.
Prateek Mittal
Julep green Cobra: Please let me know your availability to further discuss this.
Prateek Mittal
pending feedback
Prateek Mittal
under review