Harness Security FAQs
This content is for Harness FirstGen. Switch to NextGen.This article addresses some frequently asked questions about Harness security features.
- Before You Begin
- General
- Harness Role-based access control (RBAC)
- Harness Authentication
- Secrets Management
- How are secrets managed in Harness?
- Where can I use a secret?
- How do I create a secret?
- How do I use a secret?
- Can I limit a secret to certain users?
- Can I use my existing secrets in Harness?
- Can I migrate secrets between secrets managers?
- Are my secrets exposed in logs?
- Can I view all my setup events and changes in Harness?
- Can I view deployment history?
- What can I see in the audit trail?
- Can I filter audit events?
- Governance
- IP Whitelisting
- API Keys
Before You Begin
General
For an overview of Harness' support for platforms, methodologies, and related technologies, see Supported Platforms and Technologies.
What security features does Harness provide?
Harness includes:
- Users and User Groups
- Role-based access control (RBAC)
- Single sign-on (SSO)
- Password policies
- Two-Factor Authentication
- Domain name restriction
- IP Whitelisting
- Support for common and custom secrets managers
- Encryption for all 3rd party account info
- Encrypted text
- Encrypted files
- SSH connection credentials
- SSH with Kerberos
- WinRM connection credentials
- WinRM with Kerberos
- Auditing
- Governance
- Deployment Freezing
Are Delegate communications secure?
Yes. All network connections from the Delegate in your local network or VPC to Harness SaaS are HTTPS outbound-only.
What data does the Delegate send to the Harness Manager?
The Delegate and the Harness Manager (via SaaS) establish a Secure WebSocket channel (WebSocket over TLS) to send new Delegate task event notifications (not the tasks themselves) and exchange connection heartbeats. In the case that the WebSocket connection is dropped, the Harness Delegate falls back to outbound-only, polling-based task fetch.
- Heartbeat - The Delegate sends a heartbeat