Composable Blueprints
Multiple blueprints can be composed into one master blueprint which specifies the deployment model for multiple included blueprints, by using includeBefore and includeAfter parameters. This allows you to scale your deployment and release models with any number of blueprints. During the implementation of a composed blueprint, the CLI will work through the blueprints in the sequence defined, merging the questions into a single list and applying any custom values that were defined in the composed blueprint. For more information on the YAML fields that enable composable blueprints, see IncludeBefore/IncludeAfter fields for composability.
Configure Secure Communication With Workers and Satellites
The Deploy master communicates with workers and satellite servers over a secure communication channel that uses TLS/SSL to encrypt data. The protocol relies on certificate checking and data encryption using asymmetric keys.
Configure the CLI to Trust a Deploy Server Certificate
If you configured your Deploy server to use a self-signed certificate, you will notice that trying to connect with a normal command-line interface (CLI) configuration will fail:
Connect Deploy to Your LDAP or Active Directory
By default, Deploy authenticates users and retrieves authorization information from its repository. You can also configure Deploy to use an LDAP repository to authenticate users and to retrieve role (group) membership. In this scenario, the LDAP users and groups are used as principals in Deploy that can be mapped to Deploy roles. Role membership and rights assigned to roles are always stored in the Deploy repository.
Connect to Atlassian Crowd
By default, Deploy authenticates users and retrieves authorization information from its repository. Deploy can also be configured to use an Atlassian Crowd repository to authenticate users and to retrieve role (group) membership. In this scenario, the Atlassian Crowd users and groups are used as principals in Deploy and can be mapped to Deploy roles. Role membership and rights assigned to roles are stored in the Deploy repository.
Deploy Concepts
Deploy is an application release automation (ARA) tool that deploys applications to environments (for example, development, test, QA, and production) while managing configuration values that are specific to each environment. Deploy is designed to make the process of deploying applications faster, easier, and more reliable. You provide the components that make up your application, and Deploy does the rest.
Log Analysis Tool in Deploy
Elastic Stack
Logging in Deploy
By default, the Deploy server writes informational, warning, and error log messages to standard output and to XLDEPLOYSERVER_HOME/log/deployit.log when it is running. In addition, Deploy:
Manage Deploy Permissions in YAML
You can specify and maintain global permissions, roles, and users for Deploy in YAML, enabling you to manage this aspect of your Deploy configuration "as code".
Manage Release Permissions in YAML
You can specify and maintain global permissions, roles, and users for Release in YAML, enabling you to manage this aspect of your Release configuration "as code".
Manage System Passwords
This topic describes how to change the encryption key password and the admin user's password in Deploy.
Pendo Analytics and Guidance
Pendo.io is a Product Analytics platform used in Deploy to enrich the product experience and provide insights to the product management team.
Permission Microservice (BETA)
By default, the Digital.ai Deploy Permission service runs embedded on the Digital.ai Deploy server.
Roles and Permissions
Deploy includes a fine-grained access control scheme to ensure the security of your middleware and deployments. The security scheme is based on the concepts of principals, roles, and permissions.
Secure Sensitive Data With Passwords and Encrypted Dictionary Entries
This topic describes how password properties and encrypted dictionary entries combine to secure sensitive data in Deploy.
Security FAQs
What are the implications of deprecating TLS protocol versions 1.0 and 1.1?
Security in Stitch
Stitch sources are created under the Configuration tab of the CI Explorer. Using configuration or folder permissions, you can show or hide Stitch sources. Because a Stitch source is also a CI, it follows the same permission logic as all other CIs.
Set up and Configure LDAP With Deploy
To set up LDAP:
Set up Roles and Permissions
Deploy provides fine-grained security settings based on roles and permissions that you can configure in the GUI and through the command-line interface (CLI).
Set up Roles and Permissions Using the Deploy CLI
When Deploy is installed, no permissions are granted to any user. The only users that have permissions granted are the administrator users, and they have all permissions granted to them. Deploy has one predefined administrator user called admin, with the default password admin. For more information, see roles and permissions.
Store Credentials
In the Configuration section of the CI Library, you can define one or more sets of credentials to be used with source artifacts. To define credentials, you must have admin global permissions. You can use the defined credentials to provide a username and password to any HTTP URL that requires authentication.
Store Encrypted Passwords in Deploy
Digital.ai Deploy provides a mechanism to automatically encrypt passwords and allow you to refer to them, so you do not need to store third-party passwords in plain text in configuration files. To declare a new third-party password:
Store Proxy Servers in Deploy
In the Configuration section of the CI Library, you can define one or more sets of proxy servers to be used with source artifacts. To define a proxy server, you must have admin global permissions. You can use the defined proxy servers to provide a
Store Shared Host Credentials
Your infrastructures can include multiple remote hosts that share the same credentials. To simplify credential management across these hosts, you can configure a single CI to define shared credentials for any remote host that requires authentication. Then, when you define an overthere host connection, you can select the shared credentials CI. This is applicable to the following host types:
Update the Digital Certificate
To support secure communications, Deploy can generate a self-signed digital certificate. This can cause issues in situations where Deploy needs to be accessed using a URL other than https://localhost:4516, because the Common Name in the certificate is localhost.