Cowboy in the desert.

New in 2.0: Sensitive variables

Very few applications make it to production without requiring at least some configuration data that is "sensitive". An application might need a password for an SMTP server, or an API key for a web service, or an encryption key for a billing gateway. In Octopus Deploy 2.0, we've added a great new way to manage these settings: sensitive variables. You can learn more about how to use this feature in the documentation page on variables.

Adding sensitive variables

When a variable is sensitive:

  • You can never retrieve the value from the API/UI (we assume you keep your passwords somewhere else if you need them)
  • The value is stored encrypted in the Octopus database
  • We'll do our best to prevent the value appearing in any logs

Of course, the value will be available for PowerShell scripts during the deployment, and can be inserted into any configuration files.

Sensitive variables is a feature that was on our UserVoice list for quite some time, and I think it will be a very useful feature for any deployment.

Tagged with: RFC