Secrets referenced through JEXL expressions, for example <+secrets.getValue("account.my_secret")> inside step settings, plugin configs, or shell scripts, are resolved at runtime but are not recorded as references. As a result, the Referenced By tab and the Secrets API show zero usage even when the secret is actively used by live pipelines.
Request: detect and track expression-based secret usage, surface it in the Referenced By tab, and expose it via the Secrets API so admins can perform reliable impact analysis before rotation, restriction, or decommissioning.
Example: account-level secret harness_svc_account_token is used via secrets.getValue() in plugin step settings across two active pipelines on the default branch (main), yet shows no references in the UI or API.
Created by Aadesh Bhardwaj
·