Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

are project variables accessible in Environments in Deployment projects Edited

Hi,

we are using bamboo 6.9.0 build 60909 and we have different projects within the company. Each team is working within its project to create Plans, Stages, Jobs, Deployments Project and Environments.

So my team has its own project and we found out that the most convenient way to store passwords in a central place was to use global variables (on admin level). By this way any of our Plans, Stages, Jobs, Deployment Projects and Environments can use them.

We were aware about the fact that other admins from other project teams could see the defined variables but it was ok at the time.

Now concerns emerge and other project teams advised my team to get rid of our project related global variables rightfully clamming that global variables are actually reserved for cross project variables (like company variables).

Therefor I was wondering if upgrading bamboo to version 7.1 would help... As a matter of fact I found out that bamboo 7.1 supports another "level" of variables: https://confluence.atlassian.com/bamboo/defining-project-variables-1018270685.html

Because it is not clear to me if Deployment Projects and Environments belongs to a Project, I was wondering if project variables are as well accessible in Deployment Projects and Environments?

Best regards,

Florent

2 answers

0 votes
Jimmy Seddon Community Leader Sep 14, 2020

Hi @florentcuret,

Welcome to the Community!

I'm not 100% sure as I haven't tried this out myself, but based on the way I have seen variables act from within Bamboo Specs (Java or YAML) I believe Deployment project are separate from Build Projects.

-Jimmy

Hello @florentcuret

Deployments can and are normally linked to a build plan. When creating a deployment project, one of the available settings is 'Link to build plan'. This ensures build artefacts are shared from the build to the deployment, but the variable context of the build is also captured and available during the deployment as stated at https://confluence.atlassian.com/bamboo/bamboo-variables-289277087.html#Bamboovariables-Releasesvariables. This includes a snapshot of the project variables as well!

The problem with this is that, as per the documentation, "The snapshots mentioned above do not contain password variables." Which is a requirement in your situation as I understand correctly. In order to solve this, some options come to mind:

- Do not use the words 'Secret' or 'Password' in your variable names, so they are not treated as 'password variables' by Bamboo. This exposes your passwords/secrets and thus might or might not be an option based on the security context.

- During your builds, write your variables to a properties file in a (script) task and subsequently read this file back to ***result*** variables using the 'inject Bamboo variables task' to pass them to the deployment. See: https://confluence.atlassian.com/bamboo/configuring-a-variables-task-687213475.html. However, this is only marginally better in terms of security than the previous option.

- Specify your variables twice, once in the context of the build (plan or project variables) and once in the context of the deployment (environment variable). This might or might not be an option, but requires keeping the variables in sync.

- Use something like the plugin https://marketplace.atlassian.com/apps/1221965/secret-managers-for-bamboo, which allows you to fetch the variables both for the build and the deployment from a central location without compromising on security. Note that I am affiliated with this plugin.

Hope this helps.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 101 Video

G’day Community! As we gear up to introduce Bamboo Data Center to the world, we wanted to make sure that we shared a bit more about Bamboo, the product. Our team has put together an overview video ...

248 views 4 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you