We use the AWS Account feature of Octopus to store the api/key secret for accessing AWS resources. However we are required to rotate those values periodically. That works smoothly for new and manual deployments of existing releases. When the release deploys it always grabs the current key/secret. There is no need to update the release’s variable snapshot. (all this is good)
However, when an auto deploy for an existing release is triggered it does NOT retrieve the current AWS key/secret values. This is a significant problem for our AWS projects that have autoscaling enabled. The only work around we’ve found is to redeploy all releases that use the AWS variable (and have triggers) after rotating the keys. We don’t have to create a new release, but we do have to manually deploy to each environment.
Is there a workaround to this that we’re missing and if not can the auto deploy process be updated (or at least have the option) to use the current account keys. I fully understand that, by design, the auto deploy always uses the variable snapshot it was deployed with (and that makes a degree of sense), but this seems like a special use case. FWIW I think there should be a way to explicitly update the auto deploy variable snapshot, but that’s a fight for another day.