Cowboy in the desert.

Environment specific variable permissions

Today I released another Octopus Deploy update, mostly containing small bug fixes following the 1.1 release. However, this release also included one new small feature - the ability to control variable viewing/editing permissions at an environment level.

For example, in the screenshot below I've denied variable viewing/editing permission for the Columbia project's Production environment:

Deny permission

Now when someone tries to view or edit the variables for that project, they'll find that they won't be able to see the production values:

This user can't see the production variable

When editing, the "Production" environment won't be available in the environments drop down, and they won't be able to make changes to variables already in the Production environment.

Typically, you would set this up with one group (perhaps "devops") that are allowed to view/edit production variables, and deny it to anyone else.

Hopefully this feature makes it easier to manage production settings and passwords in Octopus without making them visible to the whole organization.