Hiding passwords in Octopus deployment

I am deploying a web application in a DEV, TEST, and PROD environment. One of the variables on the Octopus server contains the appPool user and password.

It makes sense for developers to edit this value in DEV, but they should not see the values for TEST or PROD, etc.

It seems that the permissions defined in Octopus allow "view variables" to have a Project object, but not an environment ...

Is there a better way to solve this problem?

+4
3 answers

This is a supported feature in recent versions of Octopus. See this blog for details:

http://octopusdeploy.com/blog/environment-specific-variable-permission

Using this, you can configure a rule like "Developers cannot view or edit variables in the work environment."

+4

I think you could encrypt the version of your password and use it in the axis variable, and then decrypt it in your deploy.ps1 script when creating the application pool.

+3
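
An added sketch of what the decrypt step in deploy.ps1 could look like; it is not code from the answer or from Octopus. The answer names no encryption scheme, so CMS (`Protect-CmsMessage` / `Unprotect-CmsMessage`) is an assumption, as are the variable names `AppPoolName`, `AppPoolUser` and `AppPoolPasswordCms` and the certificate subject in the comment.

```powershell
# deploy.ps1 (added sketch). Assumed Octopus variables: AppPoolName, AppPoolUser,
# AppPoolPasswordCms. The last one holds ciphertext produced once by an admin:
#   Protect-CmsMessage -To 'CN=OctopusSecrets-PROD' -Content $plainPassword
# 'CN=OctopusSecrets-PROD' is a hypothetical document-encryption certificate whose
# private key is installed only on the servers of that environment.
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

$poolName   = $OctopusParameters['AppPoolName']
$poolUser   = $OctopusParameters['AppPoolUser']
$cipherText = $OctopusParameters['AppPoolPasswordCms']

if ([string]::IsNullOrWhiteSpace($cipherText)) {
    throw 'AppPoolPasswordCms is empty for this environment.'
}

try {
    # Succeeds only where the matching private key is available to the account
    # running the deployment, so viewing the variable reveals ciphertext only.
    $plain = Unprotect-CmsMessage -Content $cipherText
}
catch {
    # Report the failure without echoing the ciphertext.
    throw ('Could not decrypt AppPoolPasswordCms on {0}: {1}' -f `
        $env:COMPUTERNAME, $_.Exception.Message)
}

$poolPath = "IIS:\AppPools\$poolName"
if (-not (Test-Path $poolPath)) {
    New-WebAppPool -Name $poolName | Out-Null
}

# identityType 3 = SpecificUser; IIS stores the password encrypted in its own config.
Set-ItemProperty -Path $poolPath -Name processModel -Value @{
    identityType = 3
    userName     = $poolUser
    password     = $plain
}

# Drop the plaintext from the session and never write it to the deployment log.
Remove-Variable -Name plain
Write-Output "Application pool '$poolName' now runs as '$poolUser'."
```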

You can give the variables the same name and scope for each environment to get exactly what you want. http://docs.octopusdeploy.com/display/OD/Variables

Taking a step back, you can also return to the integrated Windows Authentication / NTLM security for ACLs, NTFS permissions, database access, and the like. For example, if this is an IIS application pool, you might want to consider accessing a Windows Domain account if it uses the Network Service. See the bottom of this page: https://www.iis.net/learn/manage/configuring-security/application-pool-identities

0