Environment variables with different values for each deployment environment

Issue #15518 resolved
Matt Chamberlain created an issue

We'd like the ability to define environment variables with more granularity than at the repository level.

Ideally we'd like the option to specify environment variables at a step level and a pipeline level. Something akin to CIrcleCI - https://circleci.com/docs/2.0/env-vars/

This would support having secure environment variables with different credentials for each deployment environment.

Comments (8)

  1. Matt Ryall

    Thanks for raising this, @Matt Chamberlain. Can you explain a bit more about what you would like to use these step/pipeline-specific variables for?

    To add environment variables at the step level, you can just put them in your script like this:

    pipelines:
      default:
        - step:
            script:
              - export VAR=value
              - ...   # rest of script
    

    So we don't really see the value of adding a specific feature for step variables in Pipelines.

    For variables at the pipeline level to be useful, you're really talking about having one variable with different values on different branches (or on custom pipelines).

    The main use case we hear for these is people wanting to use branch permissions to restrict deployments using Pipelines, by only having certain environment variables (like credentials) available to certain branches. This feature request we're currently tracking as #13676, and seeing how we can address it as part of our work in Bitbucket Deployments. If that's what you're after, please vote for that issue instead.

    The other use case is having different URLs or other non-sensitive variables on each branch, but again these are usually easily set as part of the script in the YAML file.

    If it's something else you're after, please let us know and we'll see how this fits in our priorities.

  2. Matt Chamberlain reporter

    Thanks Matt!

    Ah right that's a good point thank you. Putting exports in the script will be what we're looking for, we might even have a whole bunch of exports in a separate shell file for each environment as we've got quite a lot. Maybe something like:

    pipelines:
      default:
        - step:
            script:
              - npm run source-env UAT
              - ...   # rest of script
    

    The only piece we're missing is our secure variables. We use the same scripts for each environment and it would be great to refer to the same variables without having to prefix them.

    So for example with a secure environment variable such as MY_SECRET and with only being able to specify at the repository level we'd have to have something like UAT_MY_SECRET and PROD_MY_SECRET. Or is there another way I'm missing?

    Cheers,

    Matt

  3. Matt Ryall

    At the moment you need to prefix them, because we don't yet have a way to create environment-specific environment variables. It will likely be part of the solution for #13676.

    Just to be sure, I'll leave this feature request open and rename it so it covers this case specifically.

  4. Aneita Yang staff

    Hi everyone,

    We've introduced the ability to configure variables unique to each tracked deployment environment.

    This gives you the ability to have variables with the same name, but with different values depending on which environment the variable is being accessed by.

    Deployment variables can be configured in your repository's Settings > Pipelines > Deployments. For more information about deployment variables, check out our documentation.

    We hope you enjoy this addition.

  5. Log in to comment