In the variable-editor, selecting Certificate as the variable type allows you to create a variable with a certificate managed by Octopus as the value.
Certificate variables can be scoped, similar to regular text variables.
At deploy-time, Certificate variables are expanded. For example, a variable MyCertificate becomes:
|MyCertificate||The certificate ID||Certificates-1|
|MyCertificate.Type||The variable type||Certificate|
|MyCertificate.Name||The user-provided name||My Development Certificate|
|MyCertificate.RawOriginal||The base64 encoded original file, exactly as it was uploaded.|
|MyCertificate.Password||The password specified when the file was uploaded.|
|MyCertificate.Pfx||The base64 encoded certificate in PKCS#12 format, including the private-key if present.|
|MyCertificate.Certificate||The base64 encoded DER ASN.1 certificate.|
|MyCertificate.PrivateKey||The base64 encoded DER ASN.1 private key.|
|MyCertificate.CertificatePem||The PEM representation of the certificate (i.e. the PublicKey with header\footer).|
|MyCertificate.PrivateKeyPem||The PEM representation of the private key (i.e. the PrivateKey with header\footer).|
|MyCertificate.Subject||The X.500 distinguished name of the subject|
|MyCertificate.Issuer||The X.500 distinguished name of the issuer|
For example, to access the certificate thumbprint in a PowerShell script:
The variables which contain the private-key (if present) will be stored and transmitted as sensitive-variables.