During a planned security improvement to rotate service authentication secrets in the Prod 4 environment, an incorrect secret value was inadvertently applied to a subset of internal services. This resulted in authentication failures between platform components, impacting CI initialization, delegate task creation, and log streaming for certain pipeline executions. The issue was resolved by rolling back the token configuration to the previous known-good version and validating service recovery.
Affected environment: Prod 4
Customer-visible impact:
CI builds failed during initialization with errors such as:
CD and IaCM pipeline stages continued to execute but did not stream logs.
Some Shell Script steps failed during execution.
Delegate tasks could not be created or assigned for some pipeline executions.
No customer data was lost or corrupted.
As part of a planned security initiative, authentication secrets used for communication between internal platform services were rotated in the Prod 4 environment.
During the rotation process, an incorrect secret value was inadvertently configured for one of the services. Instead of applying the newly generated secret in the expected format, a default/incorrect value was introduced. This created a mismatch between services that authenticate using the shared token, causing authentication requests to be rejected with HTTP 400 errors.
The authentication failures prevented CI components from obtaining log service tokens, disrupted delegate task creation, and prevented log streaming for affected pipeline executions.
Engineering responded by:
To reduce the likelihood of similar incidents in the future, Harness will: