I’m investigating using the first-class tenant feature in octopus (we currently have an environment-per-tenant setup, with a variable set per environment).
I’d like to create a variable template with a sensitive field using the “Prompt for value” option that’s offered by non-templated variables. Is that possible? When I create a new variable template and select “sensitive”, I don’t get the option for “Prompt for value” and to supply a label and description.
This is important to us for two reasons
- We keep passwords in a separate password manager app. I don’t want to give them to OD until it’s time to deploy
- It’s convenient for us to do this because I can link to the relevant password in our password manager in the label field so that when we deploy, I can just copy and paste the url in the browser and get right to the correct password.
If variable templates don’t support “prompt for value” fields, how can I create a different “prompt for value” field per tenant, since i can’t scope variables to tenants (only to environments)?
Thanks for getting in touch! You should be able to use a normal “Prompted Variable” defined in the Project for this. The idea is that:
- You should be prompted for a value upon each time you deploy a release
- We create a new deployment for every tenant
So in effect you should be prompted for this value when you create a deployment for any tenant, and you can provide the password appropriately.
However: I found a problem for your scenario. The UI only shows you a single prompt for a value - and then applies that single value to all the tenanted deployments created when you click the
I’m going to raise this with my team and figure out how we want to proceed from here.
In the meantime
You can still create the prompted variable, but just deploy to a single tenant at a time.
Hope that helps!
Thank you for this explanation. This makes sense to me, and I noticed the same problem when I tried it out.
I’d love it if the variable template allowed me to have the same “prompt” options (Label, description, required) as a normal variable.
Thanks for keeping in touch! I’ve had a talk with my team, and we definitely want to do something to make this user experience better, but not just for prompted variable values. We have some similar issues when you are creating multiple tenanted deployments:
Now it comes down to a matter of timing because the real fix for this is a redesign of that user experience.
I’ve created this GitHub Issue for you to follow specifically about prompted variables: https://github.com/OctopusDeploy/Issues/issues/3511
In the meantime
Are you blocked? I feel like there are some workable alternatives:
- Put your passwords in Octopus - this is extremely common. The downside is if you update your passwords frequently. The upside is you’ll remove the requirement for a human in the loop to enter the password on each deployment.
- Use a prompted variable but deploy to one tenant at a time.
- Use the Octopus API to kick off your deployments, pulling the password from your common store.
Hope that helps!
We’re not blocked. Either solution 1 or 2 will work for us in the mean time
Thanks for keeping in touch! That’s good to know. Make sure to watch the GitHub Issue for when this is handled.