Here is the scenario….
This is regarding MS Release Management 2015. If we set a release (QA –> Stag –> Prod) and in each environment, we have some specific sensitive information that needs to be replaced in the config files. Now, our understanding is that we have to create variables in components and it will replace the information accordingly in the particular environment but the value needs to be written in the workflows at the time of the release creation. Release will be created by QA team and we don’t want them to see the sensitive information of the Production. How to achieve it? How can we avoid writing sensitive value at the beginning? Can we have security around it?
Here is the solution to this scenario:
Follow the below steps for Agent Based release templates.
- For every environment like Staging/Production, create a Group. Let’s say a group for SQA as shown below. It can be added from Administration –> Manage Users.
- From the security tab, add the stage and the type of permission like “Edit Value…”. Suppose we have added stage as “QA” and we gave “Edit Values and Target servers” rights then all the members of SQA group can edit the values of the variables in that particular environment.
- Configure Variables for different stages as “Encrypted” type. To do so, go to Configure Apps –> Components –> Configuration Variables
Finally, the values of the encrypted variables can be set in each stages by the respective teams. Please note that the values needs to be set before initiating the release. Once the release will be started, it cannot be changed. This is also controlled by the security set at step 2 above. –End of Article–