Add an AWS Secrets Manager
You can use AWS Secrets Manager for your Harness secrets. AWS Secrets Manager differs from AWS KMS in that AWS Secrets Manager stores both secrets and encryption keys whereas with AWS KMS, Harness stores the secret in its Harness store and retrieves the encryption keys from KMS.
In this topic:
- Before You Begin
- Step 1: Configure Secrets Manager
- Step 2: Display Name
- Step 3: Access Key
- Step 4: Secret Key
- Step 5: Secret Name Prefix
- Step 6: Region
- Next Steps
Before You Begin
Step 1: Configure Secrets Manager
- Select Continuous Security > Secrets Management. The Secrets Management page appears.
- Click Configure Secrets Managers. In the resulting Secrets Managers page, the Status column indicates the Default provider.
- Click Add Secrets Manager. The Configure Secrets Manager dialog appears.
- Select AWS Secrets Manager from the drop down list.
Step 2: Display Name
Enter a name for this secrets manager.
Step 3: Access Key
The AWS Access Key ID for the IAM user you want to use to connect to Secrets Manager.
Step 4: Secret Key
Enter the Secret Access Key corresponding to the Access Key ID.
Step 5: Secret Name Prefix
Enter a prefix to be added to all secrets. For example,
devops will result in secrets like
devops/mysecret. The prefix is not a folder name, but a prefix. Secrets Manager uses is a flat naming method.
Step 6: Region
Select the AWS Region for the Secrets Manager.
- The content size of secrets (encrypted text or file) must be less than 7168 bytes.
- Secret names must be alphanumeric (Vault and KMS do not have this limitation). When migrating secrets created using Vault or KMS into AWS Secrets Manager, failures might occur due to the secret name limitation. You will have to rename those secrets into an alphanumeric format before they can be transitioned into AWS Secrets Manager.
For more information, see Limits of AWS Secrets Manager from AWS.