Harness can use HashiCorp Vault to store secrets used during deploys, for example:
- Usernames
- Passwords
- Certificates
After the initial setup, customers sometimes encounter issues with Harness not being able to pull secrets. A common problem is that the wrong type of token was used during the initial setup.
To integrate with Harness, you need to create a periodic token.
The command to create a periodic token is:
vault token create -policy=<name-of-policy> -period=1d
The period should be significantly greater than the Renewal Interval given in Harness. For example, if you set a period for ~60 minutes, then the renewal should be at most 45 minutes to give us enough time to retry in case of abnormal failures.
If a customer set up a period token, the screen output would look like this:
Notice the TTL of the token. With a non-periodic token, you cannot increase the TTL to be greater than what it is currently.
Here is a sample for a periodic token.
Notice that there is a period field in the output.
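The check described above can be automated. The following is an added example, not Harness or HashiCorp code: it inspects the JSON printed by `vault token lookup -format=json` and reports whether the token is periodic and whether the period leaves enough room for the Harness Renewal Interval. It assumes the JSON reports `period` and `ttl` in seconds, and it generalizes the 60-minute/45-minute example to a 75% ratio; the function name and the sample JSON are constructed for illustration.

```python
import json

# Assumption: the page's example (60-minute period, renewal at most 45 minutes)
# is generalized to "renewal interval must not exceed 75% of the period".
MAX_RENEWAL_FRACTION = 0.75

# Constructed samples shaped like `vault token lookup -format=json` output.
PERIODIC = '{"data": {"period": 86400, "ttl": 86100, "renewable": true}}'
NON_PERIODIC = '{"data": {"creation_ttl": 2764800, "ttl": 2764000, "renewable": true}}'
SHORT_PERIOD = '{"data": {"period": 3600, "ttl": 3500, "renewable": true}}'


def check_token(lookup_json, renewal_interval_s):
    """Return a list of problems; an empty list means the token fits the setup."""
    data = json.loads(lookup_json).get("data") or {}
    problems = []

    # A non-periodic token has no period field in its lookup output.
    period = data.get("period") or 0
    if not period:
        problems.append("token is not periodic: no period field in lookup output")
    elif renewal_interval_s > period * MAX_RENEWAL_FRACTION:
        limit = int(period * MAX_RENEWAL_FRACTION)
        problems.append(
            f"renewal interval {renewal_interval_s}s is too close to period "
            f"{period}s; use {limit}s or less"
        )

    # Renewal cannot succeed at all on a non-renewable token.
    if not data.get("renewable", False):
        problems.append("token is not renewable")

    # If the remaining TTL is shorter than the interval, the token expires
    # before the next renewal attempt.
    ttl = data.get("ttl") or 0
    if ttl and ttl < renewal_interval_s:
        problems.append(f"remaining ttl {ttl}s is shorter than the renewal interval")

    return problems


if __name__ == "__main__":
    for name, sample in [("periodic", PERIODIC), ("non-periodic", NON_PERIODIC),
                         ("short period", SHORT_PERIOD)]:
        print(name, "->", check_token(sample, 45 * 60) or "ok")
```

To check a real token, pass the output of `vault token lookup -format=json` to `check_token` together with the Renewal Interval configured in Harness, converted to seconds.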