How to hide passwords in Octopus deploy

iamsaanvig's Avatar


09 Jan, 2018 10:58 AM

we are deploying a web app into DEV, TEST and PROD environments. One of the variables on the Octopus server holds the appPool user and password.

It makes sense for developers to edit this value within DEV, but they should not be able to see the values for TEST or PROD etc.

It looks like the permissions defined within Octopus allow "variables - view" to be scoped to Project, but not environment...

Is there a good way around this problem.

Thanks in advance

  1. Support Staff 1 Posted by Kenneth Bates on 10 Jan, 2018 12:51 AM

    Kenneth Bates's Avatar

    Hi Saanvi,

    Thanks for getting in touch! It's definitely possible to configure this permissions structure. Permissions within Octopus are very granular and gives you great control over what users are able to see and do within specific environments and projects.

    You can define specific permissions to custom user roles, which you then assign to teams. You can then scope these teams to individual environments. I'd recommend checking out our documentation page which outlines how you can configure separate teams with mixed environment privileges.

    If desired, you can then take it a step further and allow developers to see all variables (including those scoped to TEST and PROD), but only edit DEV scoped variables.

    I hope this helps! Let me know how you go, and if you have any further questions, feel free to reach out. :)

    Best regards,


Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:


Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac