Harness Platform administration including delegates, RBAC, connectors, secrets, templates, policy as code (OPA), user management, audit logs, and governance
Administer Harness Platform resources including delegates, RBAC, connectors, secrets, templates, and OPA policies. Use when configuring access controls, deploying delegates, managing secrets, or enforcing governance policies across account/organization/project hierarchies.
/plugin marketplace add Lobbi-Docs/claude/plugin install jira-orchestrator@claude-orchestrationThis skill is limited to using the following tools:
Comprehensive Harness Platform administration for delegates, RBAC, connectors, secrets, templates, OPA policies, and governance.
Account (Root)
├── Organization
│ ├── Project
│ │ ├── Pipelines, Services, Environments
│ │ ├── Connectors (project-level)
│ │ └── Secrets (project-level)
│ ├── Connectors (org-level)
│ └── Secrets (org-level)
├── Delegates
├── Secrets (account-level)
└── User Management
Types: Kubernetes (Helm, YAML), Docker, Shell, ECS
Kubernetes Helm Install:
helm repo add harness-delegate https://app.harness.io/storage/harness-download/delegate-helm-chart/
helm install harness-delegate harness-delegate/harness-delegate-ng \
--namespace harness-delegate --create-namespace \
--set accountId="${HARNESS_ACCOUNT_ID}" \
--set delegateToken="${DELEGATE_TOKEN}" \
--set delegateName="prod-delegate" \
--set replicas=2
Delegate Selectors: Route tasks to specific delegates with labels (e.g., production, aws, k8s)
Troubleshooting:
kubectl get pods -n harness-delegate
kubectl logs -n harness-delegate -l app=harness-delegate --tail=100
kubectl exec deployment/harness-delegate -n harness-delegate -- curl -s localhost:8080/api/health
Built-in Roles:
Resource Types: PIPELINE, SERVICE, ENVIRONMENT, CONNECTOR, SECRET, INFRASTRUCTURE
Custom Role Example:
role:
name: Deployment Manager
permissions:
- resourceType: PIPELINE
actions: [core_pipeline_view, core_pipeline_execute]
- resourceType: SERVICE
actions: [core_service_view, core_service_access]
- resourceType: ENVIRONMENT
actions: [core_environment_view, core_environment_access]
User Groups & Role Binding:
Cloud Connectors:
Kubernetes:
Container Registries: Docker Hub, ECR, GCR, ACR
Test Connector:
curl -X POST "https://app.harness.io/gateway/ng/api/connectors/testConnection/${CONNECTOR_ID}" \
-H "x-api-key: ${HARNESS_API_KEY}" \
-d '{"accountIdentifier":"...", "orgIdentifier":"...", "projectIdentifier":"..."}'
Secret Managers: Harness Built-in (Google KMS), HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager, Azure Key Vault
Vault Connector:
connector:
type: Vault
spec:
vaultUrl: https://vault.company.com
basePath: harness
authToken: <+secrets.getValue("vault_root_token")>
renewalIntervalMinutes: 60
secretEngineVersion: 2
Secret References:
<+secrets.getValue("my_secret")><+secrets.getValue("vault://secret/data/myapp#api_key")><+secrets.getValue("awsSecretsManager://prod/database")>Types: Step, Stage, Pipeline, StepGroup (reusable across pipelines)
Step Template Example:
template:
name: Notify Slack
type: Step
spec:
type: ShellScript
spec:
shell: Bash
script: |
curl -X POST $SLACK_WEBHOOK \
-H 'Content-Type: application/json' \
-d '{"text":"<+input>"}'
Using Templates in Pipeline:
template:
templateRef: standard_k8s_deploy
versionLabel: "1.0.0"
templateInputs:
spec:
service:
serviceRef: my_service
environment:
environmentRef: production
Policy Structure (Rego):
package pipeline
# Deny production deploys without approval
deny[msg] {
some stage in input.pipeline.stages
stage.stage.spec.environment.environmentRef == "production"
not has_approval_step(input.pipeline)
msg := "Production requires approval step"
}
# Require delegate selectors
deny[msg] {
some stage in input.pipeline.stages
stage.stage.spec.environment.environmentRef == "production"
not stage.stage.spec.infrastructure.spec.delegateSelectors
msg := "Production must specify delegate selectors"
}
Policy Set Configuration:
policySet:
name: Production Governance
policySetType: Pipeline
policies:
- policyRef: require_approval
severity: error
- policyRef: require_delegate_selectors
severity: error
entitySelector:
- type: PIPELINE
filter:
- key: projectIdentifier
value: production_project
Evaluation Points: On Save, On Run
Query Logs:
curl -X POST "https://app.harness.io/gateway/ng/api/audits/list" \
-H "x-api-key: ${HARNESS_API_KEY}" \
-d '{"accountIdentifier":"...", "pageIndex":0, "pageSize":20}'
Event Types: CREATE, UPDATE, DELETE, LOGIN, PIPELINE_START, PIPELINE_END
Authentication:
# API Key
curl -H "x-api-key: ${HARNESS_API_KEY}"
# Bearer Token
curl -H "Authorization: Bearer ${TOKEN}"
Common Endpoints:
GET /ng/api/user/usersGET /ng/api/user-groupsGET /ng/api/rolesGET /ng/api/resourcegroupGET /ng/api/connectorsGET /ng/api/v2/secretsGET /ng/api/delegate-token-ngGET /template/api/templatesPOST /ng/api/audits/listCreate Project:
curl -X POST "https://app.harness.io/gateway/ng/api/projects" \
-H "x-api-key: ${HARNESS_API_KEY}" \
-d '{"project":{"name":"My Project","identifier":"my_project","orgIdentifier":"default"}}'
Delegate Management:
Security:
Organization:
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
Create beautiful visual art in .png and .pdf documents using design philosophy. You should use this skill when the user asks to create a poster, piece of art, design, or other static piece. Create original visual designs, never copying existing artists' work to avoid copyright violations.