fleet
fleet copied to clipboard
fleetdm
fleetctl apply/gitops to support environment variables for MDM profiles
Goal
| User story |
|---|
| As an IT admin, |
| I want MDM profiles to be processed with env variables like $MY_SECRET |
| so that I can hide my MDM secrets in environment variables. |
Context
- Requestor(s): _________________________
- Product designer: _________________________
The following workaround can be currently used in scripts or GitHub workflows:
- name: Apply env vars to profiles
env:
MANAGED_CHROME_ENROLLMENT_TOKEN: ${{ secrets.CLOUD_MANAGEMENT_ENROLLMENT_TOKEN }}
run: |
envsubst < ./it-and-security/lib/configuration-profiles/macos-chrome-enrollment.mobileconfig > ./it-and-security/lib/configuration-profiles/macos-chrome-enrollment.confidential.mobileconfig
mv ./it-and-security/lib/configuration-profiles/macos-chrome-enrollment.confidential.mobileconfig ./it-and-security/lib/configuration-profiles/macos-chrome-enrollment.mobileconfig
Changes
Product
- [ ] UI changes: TODO
- [ ] CLI usage changes: TODO
- [ ] REST API changes: TODO
- [ ] Permissions changes: TODO
- [ ] Outdated documentation changes: TODO
- [ ] Changes to paid features or tiers: TODO
Engineering
- [ ] Database schema migrations: TODO
- [ ] Load testing: TODO
ℹ️ Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".
QA
Risk assessment
- Requires load testing: TODO
- Risk level: Low / High TODO
- Risk description: TODO
Manual testing steps
- Step 1
- Step 2
- Step 3
Testing notes
Confirmation
- [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
- [ ] QA (@____): Added comment to user story confirming successful completion of QA.
