From the docs im not clear what permissions / restrictions are available for exporting projects. Is there a way to limit exports to only the admin team? Or limit exports to only non-sensitive vars? Whats to stop a ‘evil developer’ with access to a project from exporting the project and reading the sensitive passwords stored there in?
Thanks for reaching out to Octopus support and for your great question regarding project exports.
Space Manager user role is currently required to export a project. If a developer who has any of the usual project access (i.e.
Project lead, etc.) attempts to access the
Export Projects functionality, they will get a message telling them they do not have the necessary permissions.
We use a required password during the export process to encrypt any sensitive variables included with the project, so those should not be accessible if someone has bad intentions.
Hopefully, this helps, and please let me know if you have any other questions for us.