Home → Questions →

Pass Web Deploy password to Environment deployment as a variable

• Edit

jrusbatch

03 Feb, 2017 05:51 PM

When setting up a new Web Deploy Environment, is it possible to use a variable placeholder in the password field?

1. 1 Posted by Ilya Finkelshte... on 03 Feb, 2017 06:35 PM

   

   Yes, sure you can do something like this:

   environment:
     wappwd: 
       secure: wo3gqImLjckquy1VnmwSL/S6H1Q1m7t6iKUGcvhKrzDDTIsBB2Qd2rz6Nmz6d9i9nTT5B1ci017GElrkKdf0ow==
   ...
   deploy:
   - provider: WebDeploy 
     ...
     password: $(wappwd)
   

   However I am not sure if this is is what you want. Are you going to provide different passwords depending on different conditions on the fly? Can you please elaborate the scenario more?

   Ilya.

   • Edit

2. 2 Posted by jrusbatch on 05 Feb, 2017 03:55 PM

   

   We have several web applications running as Azure App Services. Following the documentation here, I would like to create a new deployment environment (using the "Web Deploy" provider) that can be shared across multiple projects for deploying to Azure. According to the documentation, I can use environment variables in several of the fields when creating a new environment (see attached screenshot). The environment variables can than be set in our projects appveyor.yml files like so:

   deploy:
   - provider: Environment 
     name: Azure (Production)
     website_name: webapp
     website_username: $(app_username)
     website_password: $(app_password)
   

   However, the "Password" field on the page to create a deployment environment masks user input (as you can see in the attached screenshot). Does this mean that that field cannot rely on an environment variable in the same way that the Username field does? If so, that would mean that I need to create an new Environment per application, since Azure assigns unique Web Deploy credentials per App Service.

   • Screen_Shot_2017-02-05_at_10.53.09_AM.png 121 KB
   • Edit

3. 3 Posted by Ilya Finkelshte... on 06 Feb, 2017 02:44 AM

   

   I see, sorry missed that this is Environment deployment.

   You can actually do that by copy-paste $(website_password) into Password field. This will work because internally all settings are treated the same way and if setting value (after it is decrypted) looks like variable ($(something)), AppVeyor will try to substitute it with value of variable named something.

   But you don't have to do it!!! You can use the same user-level/deployment credentials for all of those sites instead of publishing profile credentials. Please this doc to get simple difference explanation. Sure this will work great if your sites are under the same MS account. If not you can theoretically reset those credentials to be the same between accounts, though this is questionable from security perspective.

   Hope this helps.
   Ilya.

   • Edit

4. 4 Posted by jrusbatch on 06 Feb, 2017 01:30 PM

   

   Awesome! I hadn't seen that page on the Kudu wiki, either! Thanks for your help!

   • Edit

5. Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 02:14 AM.