
Limit access to bamboo shared credentials based on users groups.


      Add the possibility to specify who (users and groups) can access determined shared credentials (AWS) in Bamboo.

            [BAM-18370] Limit access to bamboo shared credentials based on users groups.

            Marcin Gardias added a comment (edited):

            Project level build resources partially solve this problem since Bamboo 8.2.

            Project-level credentials are only accessible to plans in that project.

            Mark Hijdra added a comment:

            Shared Credentials is a no-go for me. I trust most of my direct colleagues, but sharing credentials with the entire development department across different countries, of whom I don't even know 10%, is asking for problems... Oh well, no easy-to-use AWS CodeDeploy task then.

            giles.forster added a comment:

            We need to have some more granular control over who can see, update, use an SSH key. Either to do this by user/group or by plan/project. Don't mind which; something is better than nothing.

            Right now, when it's shared, it's shared globally, so anyone in any project or plan can use it. A deployment plan with keys for the development environment should not be able to pick any key from a global bucket, which may include test or even production environment keys.

            The concept of shared credentials is fine. It's just we need to be able to choose who it's shared with. Right now it's ANY user of the Bamboo system with no ability to refine that.

            Charlie Misonne added a comment:

            This is crucial to prevent deployments to sensitive production servers from Bamboo.

            We can limit deploy permissions with deploy environment permissions.
            But this becomes completely useless when using a shared SSH or password credential. Any Bamboo user can use this key by creating their own plans.

            Krystian Brazulewicz added a comment:

            rvaldes, giles.forster, sandrews624132303 - I'd like to understand this request a bit more.
            What do you mean by "access permission"?

            • Is this about who can see and use such a credential while configuring a plan/deployment?
            • Is this about who can run a plan/deployment which uses such a credential?
            • Any other usage aspect?

            We're looking closely now at BAM-20412 and we think that an alternative solution to having another global permission might be defining shared credentials on the project level and thus limiting access only to users of this project. Would such a solution work for you?

            Rodrigo Valdés added a comment:

            This is a MUST from a security point of view.

            giles.forster added a comment:

            The speed at which new features get added to Bamboo by looking at the release notes probably means this is 10 years away.

            Subhi Andrews added a comment:

            We want to be able to limit access to a shared credential only to certain projects or to certain plans. Otherwise it will cause serious security issues for us.

            brian.weatherill@cgi.com added a comment:

            An essential feature for those of us that use offshore resources.

            Ląd Maciej - PZU added a comment:

            Hi,

            Not only in AWS, SSH shared credentials also.

              Assignee: Unassigned
              Reporter: Augusto Santos (Inactive)
              Votes: 73
              Watchers: 25