Custom Secrets Manager (GCP Secret Manager Example)

Hey all,

A recent request came in for GCP Secrets Manager support, which, at the time of this writing, Harness does not natively support. This doc will walk through how to get each piece setup and why (for reference, here is the script repo).

Google Setup Requirements

The Google requirements to be setup before bring anything into Harness is an API Key and a Service Account with permissions to the Secrets Manager and the Cloud Resource Manager. Additionally, the Secrets Manager and Cloud Resource Manager APIs need to be enabled.

Once those requirements are setup, you will need to save the API_KEY into the Harness Secrets Manager as custom_secret_manager.

Screen Shot 2020-12-08 at 1.39.49 PM1591×125 10.2 KB

Then create a Base64 encoded version of the Service Account JSON credentials file and add it to the Harness Secrets Manager as custom_secret_sa. Make sure to select “Scope to Account” for this secret.

Screen Shot 2020-12-08 at 1.39.56 PM1604×116 10.2 KB

Screen Shot 2020-12-08 at 1.56.49 PM1286×91 8.17 KB

Harness Setup Requirements

After adding the required secrets into the Harness Secret Manager, add the Delegate Profile script from the git repo to a Delegate Profile

image848×717 52.5 KB

Then you will need to assign the Delegate Profile to the desired Delegate(s).

The next step is to add the Secret Fetch script into the Template Library with the appropriate variables at the bottom

image592×927 64.2 KB

Harness Secret Manager

The last piece is to link the Secret Fetch Template with the Custom Secret Manager. You will need to go to Security > Secrets Management > Configure Secrets Manager

image574×895 41.4 KB

Then you will need to click the + Add Secret Manager on the top right

image1606×203 22.9 KB

Change the dropdown to Custom (this is a feature flag right now, so you will need to request it to be enabled)

image594×598 26.9 KB

Select the Shell Script from the drop down and add the GCP ProjectID and a name of a secret for Harness to look for

image601×791 36.9 KB

Hitting the Submit will run a test of the script to make sure that the script can find a secret and get a response.

The last piece is to add a secret. You will need to go to Encrypted Text at the top left and select + Add Encrypted Text

image1612×167 18.2 KB

Select the custom secret manager in the top drop down, add the display name, add the name of the secret that is in the GCP Secrets Manager, and add the GCP ProjectID

image592×874 32.7 KB

Hopefully this helps!

Don’t forget to like/comment/share!