Certificate available despite belonging to an inaccessible environment

We’re looking into ways of using the newly released Certificate manager feature which was released with the version 3.11.0 of Octopus Deploy.

One thing we’ve been wondering about, is if it’s ideal to show all certificates that have been added to Octopus Deploy. In our opinion it is alright to display the certificates belonging to environments a user has access to but nothing else.

In my concrete example, the user has access to Test clients and Innsynsenvironment Utvikling environments, but not the .Net QA environment and therefore the user ends up with an error message if he wants to see more details about the certificate.

20170223_PermissionsForHHA046.zip (1 KB)

Hi Harald,

We agree! I have created an issue to restrict visibility of certificates to only environments for which the user has permissions.

We’ll implement this as soon as possible. You can follow the issue above.



This change was released today with Octopus 3.11.2.

Tested by changing environment on a certificate, the certificate disappears from the users view when the certificate is in an unavailable environment.