Add Text Secrets
You can add a text secret to the Secrets Manager and use them in your resources like Pipelines and Connectors.
This topic describes how to add a text secret in Harness.
In this topic:
- Before You Begin
- Step 1: Add Text Secret
- Step 2: Use the Encrypted Text
- Step 3: Reference the Encrypted Text
- Review: Invalid Characters in Secret Names
- Review: Secrets in Outputs
- Review: Secret Scope
Before You Begin
Step 1: Add Text Secret
This topic assumes you have a Harness Project set up. If not, see Create Organizations and Projects.
Secrets can be added inline while setting up a Connector or other setting, and they can also be set up in the Account/Organization/Project resources.
These steps are for setting up a secret in the Account/Organization/Project resources. To do this, go to Project SETUP, Organization, or Account Resources.
Click Secret and select Text.
The Add new Encrypted Text settings appear.
Select the Secrets Manager you will use to encrypt this secret.
Enter a name for the encrypted text. This is the name you will use to reference the text elsewhere in your resources.
Enter a value for the encrypted text.
Enter Description for your secret.
Enter Tags for your secret.
Step 2: Use the Encrypted Text in Connectors
All of the passwords and keys used in Harness Connectors are stored as Encrypted Text secrets in Harness.
You can either create the Encrypted Text secret first and then select it in the Connector or you can create/select it from the Connector by clicking Create or Select a Secret:
You can also edit it in the Connector.
Step 3: Reference the Encrypted Text
For an Encrypted Text secret that's been scoped to a Project, you reference the secret in using the expression:
For example, if you have a text secret named doc-secret, you can reference it in a Shell Script step like this:
echo "text secret is: " <+secrets.getValue("doc-secret")>
For Encrypted Text scoped to an Account, you reference them using account with the text secret name:
Review: Invalid Characters in Secret Names
The following characters aren't allowed in the names of secrets:
~ ! @ # $ % ^ & * ' " ? / < > , ;
Review: Secrets in Outputs
When a secret is displayed in an output, Harness substitutes the secret value with asterisks so that the secret value is masked. Harness replaces each character in the name with an asterisk (*).
For example, here the secret values referenced in a Shell Script step are replaced with
If you accidentally use a very common value in your secret, like whitespace, the
* substitution might appear in multiple places in the output.
If you see an output like this, review your secret and fix the error.
Review: Secret Scope
When creating secrets, it's important to understand their scope in your Harness account.
A user can only create a secret according to the scope set by its Harness User permissions.
For example, when you create a new project or a new organization, a Harness Secret Manager is automatically scoped to that level.