Pass Secrets between Workflow


This article walks you through how you can pass the Secrets between the Workflow.


2 Workflows
1 Pipeline

Step 1 Configure Shell Script Step in Workflow

  1. Create a Secret to pass in the Shell Script.

  2. In your Workflow add a Shell Script step.

  3. In the Shell Script declare a variable and get the secret value in that variable.

export SECRET_ID
  1. Add script output variable and make sure to select the Type as Secret.

If in case the type is selected as a string it will reveal your secret in the execution context of deployment

  1. Enable Publish output in the context.
    Create a unique variable to pass in the script with the variable of the secret.
    *Do not use reserved words in Publish Variable Name, such as var . See Variable Expression Limitations and Restrictions.

  2. In the scope select Pipeline to pass the variable in another workflow.

After following the above steps, your shell script step will look like below image:

The workflow will look like this:

Step 2 Echo Secret’s Variables in the script

  1. Create a another Workflow and add a Shell Script step.
  2. In the Shell Script you need to reference the variable from the 1st Workflow.
echo ${context.lab.SECRET_ID}

context variable is used to reference variables in context. context is a built-in Harness variable. The lab variable is what you have assigned to reference the env variables SECRET_ID

  1. Your shell script step will look like this:

  2. Your Workflow will look like this:

Step 3 Create a Pipeline to Pass the Variables

  1. Create a Pipeline.

  2. In Stage 1, add the first workflow where you have created the variables for secret’s in Step 1.

  3. In Stage 2, add the second workflow where we echoed the variables in Step 2.

  4. Your Pipeline will look like this:

  5. Deployment will look like this: