Restrict Secrets Usage
You can restrict the use of secrets to Delegates only or to specific Harness User Groups. You set up these restrictions using the secret's Usage Scope and the User Group's Application Permissions.
Before You Begin
Review: Secret Scope
When creating secrets, it's important to understand their scope in your Harness account.
A user can only create a secret according to the scope set by its Harness User permissions.
For example, if you have access to Application A only, you can create a secret scoped to Application A.
If you have access to Application A and B, you may still narrow the secret's scope to Application A only.
If the scope of a secret is only Application A, then only users with Read permission for Application A may see that secret. Users with Write permission for Application A may also edit it.
Option 1: Scope to Account
If your Harness User account is part of a User Group with the Administer Other Account Functions permission enabled, you will see the Scope to Account option in the Encrypted Text and File dialogs.
Select Scope to Account to make this encrypted file secret available to Delegate Profile scripts only. Only secrets scoped to the account are available to use in Delegate Profiles.
Option 2: Usage Scope
You might want to restrict which Harness User Groups can use a secret. Restrictions are set up using the secret's Usage Scope and the User Group's Application Permissions.
For example, suppose the Usage Scope of a secret is limited to the ExampleForDoc Application, and a User Group's Application Permissions are also limited to ExampleForDoc.
This limits the User Group to using only that secret (assuming that no other secrets' Usage Scopes include ExampleForDoc).
If you select the Scope to Account setting, the secret can be used in a Delegate Profile, as described in Using Secrets.
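The caveat in Option 2 (another secret whose Usage Scope also includes the same Application) can be checked mechanically. The following Python sketch is an added example, not Harness code or a Harness API: it models the scoping rules stated on this page and compares what each User Group can actually use against an intended allow-list. The class names, sample secrets, groups and allow-list are constructed, and treating account-scoped secrets as unavailable to User Groups is an assumption drawn from "Delegate Profile scripts only".

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Secret:
    name: str
    usage_scope: frozenset = frozenset()  # Applications named in the Usage Scope
    scope_to_account: bool = False        # "Scope to Account" selected


@dataclass(frozen=True)
class UserGroup:
    name: str
    app_permissions: frozenset            # Applications in Application Permissions


def usable_secrets(group, secrets):
    """Secrets whose Usage Scope overlaps the group's Application Permissions."""
    return sorted(s.name for s in secrets
                  if not s.scope_to_account       # assumption: Delegate Profiles only
                  and s.usage_scope & group.app_permissions)


def delegate_profile_secrets(secrets):
    """Only account-scoped secrets are available to Delegate Profile scripts."""
    return sorted(s.name for s in secrets if s.scope_to_account)


def audit(groups, secrets, expected):
    """Map each group to the secrets it can use beyond its intended allow-list."""
    findings = {}
    for g in groups:
        extra = set(usable_secrets(g, secrets)) - set(expected.get(g.name, ()))
        if extra:
            findings[g.name] = sorted(extra)
    return findings


# Constructed inventory: shared-api-token also lists ExampleForDoc in its scope.
SECRETS = [
    Secret("doc-db-password", frozenset({"ExampleForDoc"})),
    Secret("shared-api-token", frozenset({"ExampleForDoc", "Billing"})),
    Secret("billing-key", frozenset({"Billing"})),
    Secret("delegate-bootstrap-key", scope_to_account=True),
]
DOC_TEAM = UserGroup("DocTeam", frozenset({"ExampleForDoc"}))
BILLING_TEAM = UserGroup("BillingTeam", frozenset({"Billing"}))
EXPECTED = {"DocTeam": ["doc-db-password"],
            "BillingTeam": ["billing-key", "shared-api-token"]}

if __name__ == "__main__":
    print(audit([DOC_TEAM, BILLING_TEAM], SECRETS, EXPECTED))
```

A non-empty result names the secrets whose Usage Scope needs narrowing before the User Group is really limited to the intended secret.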