Octopus Deploy Build Agent Permissions
I’ve been using Octopus Deploy for many years across many companies and projects. I am either connecting to it from a build agent via VSTS or on-premise TFS. From a security point of view we want to have the VSTS/TFS build agent having the least permissions required for it to work with Octopus Deploy. This post lists the permissions required to make this work.
I use VSTS/TFS build agents to publish packages into the Octopus Deploy in-built package feed and create releases. Everything else is triggered from within Octopus Deploy regarding deployments.
My configuration is to create a new Role in Octopus Deploy called Build Agents. I then add a build service account to Octopus and generate an API key for it. This API key is then stored in VSTS/TFS for communicating with Octopus via a build.
The Build Agents role requires the following permissions