I was wondering if you can recommend any feature or tool to create the key/value for some +1’000 values who are different by customer and by environment ? We have some web.config on the root but some extra values as well in different configuration files inner the folders.
What I try to solve is how to :
- inventory all of my ressources
- Store the key/value by customer and by environment
- Give access to the customer to browse and update their own values only
- Collect these data and inject theses data in our Octopus batch scripts
If someone already had a similar request in the past and can share with me the solution they find, I would be really thankful.
Thanks for getting in touch! Are you looking to use Octopus as something like a key vault or secrets store? Unfortunately that’s beyond the extent of Octopus’ capabilities in this area. Quoting our sensitive variable doc page:
Use a password manager or key vault
If you need to retrieve these values for other purposes, consider using a password manager or key vault. The support we provide in Octopus is to securely store values that will be used during deployment, and cannot be retrieved for any other purposes. There are plenty available, and some are free, like KeePass.
There’s an existing UserVoice suggestion to
Integrate Octopus deploy project variables with Azure Key Vault
Integrate Octopus deploy with secrets managment system Vault, where one of these may address your requirements.
Let me know what you think or if I’ve misunderstood anything about your requirements.
Thank you very much for your feedback.
I’m sorry I guess I was not clear enough in my request.
Imagine this sample.
- You have a web.config file with 30 parameters (database, file directory, …)
- You have 1’500 instances of a webApp on let say 70 servers
- Each customer has 2 up to 3 envrionnments (DEV, QA, PROD)
Now my questions are the following :
- Is it possible to add there somewhere else as in the project variables (Because 4’500 values by parameters is impossible to manage)
- Is it possible to give rights to some of my staff to access and edit these values by customer or group of customers ?
- Is it possible to give rights to a user to see it’s own datas only and export them
I guess Octopus is not the good solution to have such a large number of instances and I was just wondering if it’s any solution you recommand to process my request.
Thanks for your feedback
Thanks for following up! I can definitely understand how that many values would be impossible to manage. Regarding your sample and question 1: have you considered implementing multi-tenanted architecture into your setup? This feature is specifically designed for deploying multiple instances of the same application to each end user.
You can then define each end user’s unique configuration by defining tenant variables.
Adopting a convention for how you define these variables could potentially lower the total number of variables you would have to manage.
Since multi-tenancy is such a powerful feature which requires architectural setup, I’d highly recommend looking through our comprehensive doc pages (some of which I’ve previously linked) if it sounds like it could help you meet your requirements.
Regarding question 2: Octopus also provides a very granular control over your users’ permissions. You can create unique teams, assign user roles to them (which provide the individual permissions), scope the team to individual environments, projects, etc. to control which users have access to view and/or edit which objects in Octopus.
I hope this helps get you going! Let me know how you go or if you have any further questions going forward.
Dear Kenny, thank you very much for your answer. I guess it’s what I was looking for. I need to make a few tests now
You’re very welcome! Don’t hesitate to reach out if you have any questions or concerns as you work through the testing.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.