Offline Package Drop variables

Oscar Huibers's Avatar

Oscar Huibers

23 Aug, 2017 09:28 AM

Hi,

I was looking at this discussion: http://help.octopusdeploy.com/discussions/questions/7330-offline-package-drop-centralised-variables

We are having the same requirement.
The variables we need to set customer specific are most of the times: Login credentials for database connection
For security and maintenance reasons we are not allowed and don't want to maintain these variables for 30+ customers.
So the answer in the discussion is not an option for us.

Do you have an alternative?

Thanks,
Oscar Huibers

  1. 1 Posted by Vanessa Love on 25 Aug, 2017 05:39 AM

    Vanessa Love's Avatar

    Hi Oscar,

    Thanks for getting in touch! Your two options are listed in that ticket. Manage the variables per customer and have a drop for each, or have a single drop location with placement variables.

    While you do end up with variables hidden within a large variables file that need to be replaced, a 'settings' file that is then scripted to find and replace in our variables file might be an option.
    The variables file will have entries such as:

     "OctopusUseGuidedFailure": "False",
      "DBPass": "##DBPASSWORD##",
      "Octopus.Release.Previous.Id": "Releases-7",
    

    Where you can script a find and replace process to be run before the deployment. Due to not managing the variables it comes down to placeholder variables and some process to replace them in the variables files.

    Please let me know if you would like this explained in more detail of if you have further questions.
    Vanessa

  2. 2 Posted by Bea on 12 Oct, 2017 02:06 PM

    Bea's Avatar

    Can this be explained further please? Our requirement is the fact for security reasons, we are not allowed to store any variables in octopus for the environment we are trying to deploy to. By creating an offline package drop, we need to somehow create file with blank values of all the variables required to install the components needed to deploy. How do we go about doing this do you know?

  3. Support Staff 3 Posted by Michael Noonan on 16 Oct, 2017 03:59 AM

    Michael Noonan's Avatar

    Hi Bea,

    Thanks for getting in touch! What is the driving reason why you can't store variables for the target environment in Octopus? We see this commonly with PCI Compliance concerns, and are planning a longer term solution to the root problem: https://octopus.com/blog/remote-release-promotions-rfc

    Does this sound like it would help address your needs?

    In the meantime there may be some things we can do to help you with your current version of Octopus. Any high-level details you are comfortable to provide would help me understand your situation, and what we might do to help.

    Hope that helps!
    Mike

  4. 4 Posted by Bea on 16 Oct, 2017 08:40 AM

    Bea's Avatar

    I would hope you could help....I just had a quick overview of the link you sent as welll and im not sure if it is what I am looking for. I vaguely understood the concept of "spaces" and it might just be our solution.
    For reasons beyond me, our cutomer does not want any values of the environment we are to deploy stored in Octopus as they say it is a highly secure environment. In our case it was best to create an offline package drop but that also requires that you already have the variables stored in octopus. We need a way to create lets a file with a list of variables but with no values in it. That way at point of deployment, before they start the batch file, they will manually have to add the values to the variables and then start the offline deployment which picks up the values necessary.
    Is this something that can be done?

  5. Support Staff 5 Posted by Michael Noonan on 18 Oct, 2017 07:06 AM

    Michael Noonan's Avatar

    Hi Bea,

    Thanks for keeping in touch! Unfortunately we don't have first-class support for that kind of thing.

    There is one workaround I can think of, but I am hesitant to suggest it since it's more of a hack. When Octopus builds your offline drop, it builds a handful of files inside a folder structure. One of the folders contains all the variables files. If you don't set the Encryption password on your offline drop, and you don't have any sensitive values that will be written via the offline drop, all of the variables will be written in a clear-text JSON file. Your customer could update the values in that JSON file and run the deployment, using their own secrets.

    If you have sensitive variables as part of the deployment, and set the Encryption password on the offline drop target, those sensitive values are encrypted into a file which you won't be able to edit by hand.

    Hope that helps!
    Mike

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac