Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

are project variables accessible in Environments in Deployment projects

florentcuret
florentcuret
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 14, 2020

Hi,

we are using bamboo 6.9.0 build 60909 and we have different projects within the company. Each team is working within its project to create Plans, Stages, Jobs, Deployments Project and Environments.

So my team has its own project and we found out that the most convenient way to store passwords in a central place was to use global variables (on admin level). By this way any of our Plans, Stages, Jobs, Deployment Projects and Environments can use them.

We were aware about the fact that other admins from other project teams could see the defined variables but it was ok at the time.

Now concerns emerge and other project teams advised my team to get rid of our project related global variables rightfully clamming that global variables are actually reserved for cross project variables (like company variables).

Therefor I was wondering if upgrading bamboo to version 7.1 would help... As a matter of fact I found out that bamboo 7.1 supports another "level" of variables: https://confluence.atlassian.com/bamboo/defining-project-variables-1018270685.html

Because it is not clear to me if Deployment Projects and Environments belongs to a Project, I was wondering if project variables are as well accessible in Deployment Projects and Environments?

Best regards,

Florent

Answer
Watch
Like Jimmy Seddon likes this
578 views

2 answers

0 votes
Boris Van Hardeveld
Boris Van Hardeveld
Atlassian Partner
September 18, 2020

Hello @florentcuret

Deployments can and are normally linked to a build plan. When creating a deployment project, one of the available settings is 'Link to build plan'. This ensures build artefacts are shared from the build to the deployment, but the variable context of the build is also captured and available during the deployment as stated at https://confluence.atlassian.com/bamboo/bamboo-variables-289277087.html#Bamboovariables-Releasesvariables. This includes a snapshot of the project variables as well!

The problem with this is that, as per the documentation, "The snapshots mentioned above do not contain password variables." Which is a requirement in your situation as I understand correctly. In order to solve this, some options come to mind:

- Do not use the words 'Secret' or 'Password' in your variable names, so they are not treated as 'password variables' by Bamboo. This exposes your passwords/secrets and thus might or might not be an option based on the security context.

- During your builds, write your variables to a properties file in a (script) task and subsequently read this file back to ***result*** variables using the 'inject Bamboo variables task' to pass them to the deployment. See: https://confluence.atlassian.com/bamboo/configuring-a-variables-task-687213475.html. However, this is only marginally better in terms of security than the previous option.

- Specify your variables twice, once in the context of the build (plan or project variables) and once in the context of the deployment (environment variable). This might or might not be an option, but requires keeping the variables in sync.

- Use something like the plugin https://marketplace.atlassian.com/apps/1221965/secret-managers-for-bamboo, which allows you to fetch the variables both for the build and the deployment from a central location without compromising on security. Note that I am affiliated with this plugin.

Hope this helps.

Reply
0 votes
Jimmy Seddon
Jimmy Seddon
Community Champion
September 14, 2020

Hi @florentcuret,

Welcome to the Community!

I'm not 100% sure as I haven't tried this out myself, but based on the way I have seen variables act from within Bamboo Specs (Java or YAML) I believe Deployment project are separate from Build Projects.

-Jimmy

Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.