Use Secrets in a Delegate Profile

Updated 1 day ago by Chakravarthy Tenneti

To use Secrets in a Delegate Profile, create encrypted text in Harness Secrets Management for the credentials, and then use variable names for those credentials in the Delegate Profile.

In this topic:

Before You Begin

Step 1: Add Encrypted Texts

For Delegate Profiles, if you wanted to add a Helm repo that requires login credentials to every Kubernetes pod running a Harness Kubernetes Delegate, you can create encrypted text in Harness Secrets Management for those credentials, and then use variable names for those credentials in the Delegate Profile using the ${secrets.getValue("secret_name")} expression.

For more information about Delegate Profiles, see Delegate Profiles and Common Delegate Profile Scripts.

  1. In Harness, select Continuous Security > Secrets Management.
    The Secrets Management page appears.
  2. Under Execution Credentials, click Encrypted Text. The Encrypted Text page appears.
  3. Click Add Encrypted Text. The Add Encrypted Text dialog appears.
  4. In Name, enter repoUsername. This name will be used later in the Delegate Profile script to reference this secret.
  5. In Value, enter any username. The dialog will look like this:

  1. In Usage Scope, click Scope to Account. This will scope the secret to the Account-level. It can then be used in a Delegate Profile.
  2. Click Submit.
  3. Add a second encrypted text with the name repoPassword, using any password. Be sure to set Usage Scope to Scope to Account, also. The dialog will look like this:
  4. Click Submit. Now you can create a Delegate Profile and use these secrets.

Step 2: Manage Delegate Profiles

  1. Click Setup.
  2. Click Harness Delegates.
  3. Click Manage Delegate Profiles, and then Add Delegate Profile.
    The Manage Delegate Profile dialog appears.
  4. In Name, enter Helm Repo.
  5. In Startup Script, enter your Helm commands using the secrets you created:

    helm init --client-only

    helm repo add --username${secrets.getValue(“repoUsername”)}--password${secrets.getValue(“repoPassword”)}nginx https://charts.bitnami.com/bitnami

    helm repo update

    The secrets are referenced as variables using ${secrets.getValue()} and the names you gave them, repoUsername and repoPassword:

    ${secrets.getValue(“repoUsername”)}
    ${secrets.getValue(“repoPassword”)}

    The Manage Delegate Profile dialog will look like this:
  6. Click Submit.

Now when you add this profile to a Kubernetes Delegate, it will add the Helm repo using the credentials you added as Encrypted Text in Harness Secrets Management.

A quick way to get the name of a secret is to hover over the secrets in Secrets Management and click the Copy icon:


How did we do?