Skip to main content

AI SRE Security

Last updated on

Harness AI SRE includes security measures to protect incident data, ensuring confidentiality, integrity, and availability. It integrates with the Harness Platform's security features, including authentication, role-based access control (RBAC), audit trails, and secret management.

Security measures include:

  • Data encryption in transit (TLS 1.3) and at rest (AES 256)
  • Role-based access controls to restrict incident data
  • Secure API authentication for third-party integrations
  • Audit logging for compliance tracking

Security Measures

Harness AI SRE ensures incident security by restricting access, encrypting data, and logging all activities.

  • Access Management: Supports authentication via SAML, OAuth, and API tokens.
  • Data Protection: Encrypts incident metadata, logs, and communication history.
  • Automation & Runbook Security: Ensures that only authorized users execute automated actions.
  • Audit & Compliance: Logs every action for tracking and compliance reviews.

Role-Based Access Control (RBAC)

AI SRE uses the Harness Platform's RBAC system. Roles are configured under Organization, Account, or Project settings → Roles.

note

AI SRE runs under its own dedicated Harness project. Apply roles at the Project level unless your organization requires broader account- or org-level access.

AI SRE Permissions

The following permissions are available for AI SRE resources:

ResourceAvailable Permissions
Escalation PolicyView, Create, Edit, Delete
Incident (AI SRE)View, Edit, Incident Configure
SLOsView, Create, Edit, Delete
ScheduleView, Create, Edit, Delete

Creating Custom Roles

Custom roles can be created by combining the permissions above to match your organization's access requirements. Common role patterns include:

  • Admin role — Grants full access (View, Create, Edit, Delete) to all AI SRE resources
  • User role — Grants operational access (View, Create, Edit) without Delete permissions
  • Viewer role — Grants read-only access (View only) to AI SRE resources, including the Service Directory for service update subscriptions

Create roles that match your organization's needs using the available AI SRE permissions.

Configure RBAC

  1. Navigate to Project SettingsAccess ControlRoles.
  2. Select an existing role to edit, or click New Role to create one.
  3. Under the AI SRE resource group, enable the permissions required for the role.
  4. Assign the role to users or user groups under Project SettingsAccess ControlUsers or User Groups.

Security Components

Incident Data Storage

Incident data, logs, and automation history are securely stored.

  • Data is encrypted and retained per organization policies.
  • Access is controlled through RBAC.
Data Retention

Harness AI SRE retains incident logs and history based on your organization's settings.

Operational Security

Harness AI SRE ensures security at every stage:

  1. Incident Creation & Logging

    • Incidents are created through authenticated sources (UI, API, webhooks).
    • Data is encrypted before storage.

  2. Access & Role Management

    • RBAC controls who can access incidents, schedules, escalation policies, and SLOs.
    • Roles are applied at the Project level for AI SRE. Authentication via OAuth/SAML is required.

  3. Automation Execution

    • Actions are logged for compliance.
    • Only approved integrations execute via Harness Delegates.

  4. Audit & Compliance Logging

    • Every action is recorded for compliance audits.
    • Logs can be exported for security reviews.

  5. Third-Party Integration Security

    • OAuth tokens, API keys, and access scopes protect integrations.
    • Secure connections use TLS 1.3 encryption.

Best Practices

To enhance security in Harness AI SRE:

  • Use RBAC policies to limit access. Apply roles at the Project level and create viewer roles for read-only users.
  • Enable OAuth/SAML authentication.
  • Review audit logs regularly.
  • Use API tokens with least privilege.
  • Encrypt webhook notifications.