Eddy Ma on 06 Feb, 2018 03:27 AM
Thanks for getting in touch! Your settings look good to me. Having the environment as a restriction on the certificate itself is a security concern, especially if the certificate contains a production private key. You can get more information about environment restriction on certificate from the following documentation page. Browse
I've seen the documentation, and your response doesn't really answer my question -
other than it seems like you're vaguely confirming that the environment restrictions on the cert are redundant to restricting them on the variable since the later would be required.
If we have to define each cert via the variables, and override which is used via the scope, then that means every time we add a new environment to deploy to we would have to update the variables in the package to be deployed - right?
Thanks for following up so quickly. I get what you mean about the potential for human error, though unfortunately there's no way to accomplish this without having to update variables for every new environment. I'd recommend adding this suggestion on our UserVoice site, which is the main avenue we consult when considering new features/enhancements. https://octopusdeploy.uservoice.com/
Sorry it's not better news! Let me know if there's anything else we can assist with.