Harness account secret: Where to find it?

Where can I find account secrets (or the account secret) for my Harness account?

This secret is used by Harness Delegate, apparently to authenticate to Harness Manager. In the Install a Kubernetes Delegate how-to, section Harness Kubernetes Delegate Environment Variables, delegate environment variable ACCOUNT_SECRET is described, “The Harness account token used to register the Delegate.” There is no indication of where to find this secret, and no other mention of “secret” on the page.

With Harness Delegate of type Kubernetes, I can find at least one such secret by initiating the installation process by provisioning a new delegate in Harness Manager, then examining the YAML stream that Harness Manager provides to me.

I’m curious if I can go retrieve it/one-of-them from some corner of the Harness Manager UI.

Searching NG docs site for “account secret” and “account_secret” did not turn up an answer.

Steve Kirkup at Harness Support responded:

The Account Secret is in the configuration for the delegate service is ACCOUNT_SECRET and there should only be one value for the whole account.

Steve Kirkup
Customer Success Engineer

To be clear: I seek to find this value for the purpose of configuring a delegate , and I stated such along with my question, which remains unanswered.

@Usheer_Fotedar at Harness Support wrote the following, still not saying where one can find this value:

Currently in Next Gen the feature to generate a custom token is not present.

The feature is expected to be released in next few days.

So the default value you see when you install a new delegate in the yaml :

    value: c**********************6

is the default token value generated by Harness.

Soon we will have a feature where you can generate a custom from your end.

Although this value is named as accountSecret​, this is just a matter of terminology. In reality, this is just the Delegate Token that we’ve implemented. It could be named as ACCOUNT_TOKEN or even ACCOUNT_KEY.

In detail, this is used to register the Delegate within the Manager.

Technically, if somebody has the account id and account secret: we have this features to protect against this by using delegate profile to “approve/reject” new Delegate registration. Also, there are capabilities to “rotate/revoke” a token.

Let us know if you have any further questions and we will be happy to assist you.


Steve Kirkup at Harness Support responded:

The answer is no, you cannot get the ID outside of the delegate scripts.

Steve Kirkup
Customer Success Engineer