Feature Requests

The KMS connector only accepts KMS AR stored in Harness Secret Manager. We need an ability to pull those ARN from AWS secret manager.

The PEM key secret is currently required to be stored in the built-in Harness secret manager. Please add support for storing it in the Vault secret manager.

We'd like a method to be able to test if a secret is resolvable, as per this documentation here: https://developer.harness.io/docs/platform/variables-and-expressions/harness-expressions-reference/#service-expressions Harness supports expressions to check if a value is resolved instead of relying on null checks. The expression <+expression.isResolved(<+pipeline.variables.var1>)> verifies whether a variable resolves to a non-null value. Similarly, <+expression.isUnresolved(<+pipeline.variables.var1>)> can be used to check if a variable remains unresolved. It is recommended to use these expressions instead of <+<+pipeline.variables.var1> != null> for more reliable evaluation in pipelines. The reason for this is to help our teams be able to prepare for cases where it isn't resolvable. We want to be able to use ternary situations to determine what should happen, and using the "is resolvable" doesn't seem to be able to check against the secret.

Hi, I have a pipeline that reads the secrets (username,password,port) for connecting to the servers. These servers are grouped by environment. Ex: Environment A123 has servers server1, server2, server3. Currently, I define the secret like env123_ser1_username, env123_ser1_password. It will be best, if there is a functionality to group the secrets by environment env123.

As of today, the AWS KMS Connector in Harness does not support the sign/verify use case. Currently, being a secret manager connector, it only supports encryption and decryption.

We recently had our upgrader job break our delegates because the override we specific using this api, ( https://apidocs.harness.io/tag/Delegate-Setup-Resource#operation/publishedDelegateVersion ), expired. This broke our delegates because our runner clusters do not have internet access, and the upgrader set the delegates to pull the public image, sending our delegate workload into a imagepullbackoff loop

Not allowing organizations to delete until all projects are deleted inside it.. This feature should be applied to harness organizations to avoid deletion of orgs without cleaning up projects inside it. same as s3 bucket in AWS.

There should be some option to configure the notification schedule like right now it only sends one notification which Ops team can easily miss, so its good to have multiple notification may be every day or after 5 hours etc but we can't configure this right now so I request you to implement this feature.

After asking the question to support, it appears there is no way to disable the default tag applied to a delegate. The default tagging has cause outages in our company when someone building a test environment (which automatically deploys a delegate) takes out production deployments. This is due to the "automatic" tag that is being applied by harness. Since the employee was building a test, it has the same cluster name as the production environments but it is in an air-gaped AWS account. Because the Harness delegate "phone home" and starts communicating with Harness the default tag allowed it to be used in our pipelines causing deployments to fail. I would rather disable the delegate tags and allow me to strictly specify what tags I want a delegate to have. This would eliminate "surprises" In a way this would also help with https://ideas.harness.io/feature-request/p/default-harness-delegate-tag

Currently, if a user makes any changes to a Secret Manager Template, they must edit the Custom Secret Manager and re-select the updated template to reflect the changes. We would like to automate the reconciliation of Secret Manager Templates as we frequently make changes to them.