Clear sensitive variables
Last updated
This script demonstrates how to programmatically clear all sensitive variables in Projects and Library variable sets in an Octopus instance.
Usage
Provide values for the following:
- Octopus URL
- Octopus API Key
This script will clear all sensitive variable values from an Octopus instance. Take care when running this script or one based on it.
Script
$ErrorActionPreference = "Stop";
# Define working variables
$octopusURL = "https://youroctourl"
$octopusAPIKey = "API-YOURAPIKEY"
$header = @{ "X-Octopus-ApiKey" = $octopusAPIKey }
Function Clear-SensitiveVariables
{
# Define function variables
param ($VariableCollection)
# Loop through variables
foreach ($variable in $VariableCollection)
{
# Check for sensitive
if ($variable.IsSensitive)
{
$variable.Value = [string]::Empty
}
}
# Return collection
return $VariableCollection
}
# Get space
$space = (Invoke-RestMethod -Method Get -Uri "$octopusURL/api/spaces/all" -Headers $header) | Where-Object {$_.Name -eq $spaceName}
# Get all projects
$projects = Invoke-RestMethod -Method Get -Uri "$octopusURL/api/$($space.Id)/projects/all" -Headers $header
# Loop through projects
foreach ($project in $projects)
{
# Get variable set
$variableSet = Invoke-RestMethod -Method Get -Uri "$octopusURL/api/$($space.Id)/variables/$($project.VariableSetId)" -Headers $header
# Check for variables
if ($variableSet.Variables.Count -gt 0)
{
$variableSet.Variables = Clear-SensitiveVariables -VariableCollection $variableSet.Variables
# Update set
Invoke-RestMethod -Method Put -Uri "$octopusURL/api/$($space.Id)/variables/$($project.VariableSetId)" -Body ($variableSet | ConvertTo-Json -Depth 10) -Headers $header
}
}
# Get all libarary sets
$variableSets = Invoke-RestMethod -Method Get -Uri "$octopusURL/api/$($space.Id)/libraryvariablesets/all" -Headers $header
# Loop through variablesets
foreach ($variableSet in $variableSets)
{
# Get the variableset
$variableSet = Invoke-RestMethod -Method Get -Uri "$octopusURL/api/$($space.Id)/libraryvariablesets/$($variableSet.Id)" -Headers $header
# Check for variables
if ($variableSet.Variables.Count -gt 0)
{
$variableSet.Variables = Clear-SensitiveVariables -VariableCollection $variableSet.Variables
# Update set
Invoke-RestMethod -Method Put -Uri "$octopusURL/api/$($space.Id)/libraryvariablesets/$($variableSet.Id)" -Body ($variableSet | ConvertTo-Json -Depth 10) -Headers $header
}
}
# Load octopus.client assembly
Add-Type -Path "path\to\Octopus.Client.dll"
# Octopus variables
$octopusURL = "https://youroctourl"
$octopusAPIKey = "API-YOURAPIKEY"
$spaceName = "default"
$endpoint = New-Object Octopus.Client.OctopusServerEndpoint $octopusURL, $octopusAPIKey
$repository = New-Object Octopus.Client.OctopusRepository $endpoint
$client = New-Object Octopus.Client.OctopusClient $endpoint
Function Clear-SensitiveVariables
{
# Define function variables
param ($VariableSetId)
# Get the variable set
$variableSet = $repositoryForSpace.VariableSets.Get($VariableSetId)
# Loop through variables
foreach ($variable in $VariableSet)
{
# Check for sensitive
if ($variable.IsSensitive)
{
$variable.Value = [string]::Empty
}
}
# Update set
$repositoryForSpace.VariableSets.Modify($variableSet)
}
try
{
# Get space
$space = $repository.Spaces.FindByName($spaceName)
$repositoryForSpace = $client.ForSpace($space)
# Loop through projects
foreach ($project in $repositoryForSpace.Projects.GetAll())
{
# Clear the sensitive ones
Clear-SensitiveVariables -VariableSetId $project.VariableSetId
}
# Loop through library variable sets
foreach ($libararySet in $repositoryForSpace.LibraryVariableSets.GetAll())
{
# Clear sensitive ones
Clear-SensitiveVariables -VariableSetId $libararySet.VariableSetId
}
}
catch
{
Write-Host $_.Exception.Message
}
// If using .net Core, be sure to add the NuGet package of System.Security.Permissions
#r "path\to\Octopus.Client.dll"
// Declare working variables
var octopusURL = "https://youroctourl";
var octopusAPIKey = "API-YOURAPIKEY";
var spaceName = "default";
// Create repository object
var endpoint = new OctopusServerEndpoint(octopusURL, octopusAPIKey);
var repository = new OctopusRepository(endpoint);
var client = new OctopusClient(endpoint);
try
{
// Get space
var space = repository.Spaces.FindByName(spaceName);
var repositoryForSpace = client.ForSpace(space);
// Loop through projects
foreach (var project in repositoryForSpace.Projects.GetAll())
{
var variableSet = repositoryForSpace.VariableSets.Get(project.VariableSetId);
foreach (var variable in variableSet.Variables)
{
if (variable.IsSensitive)
{
variable.Value = string.Empty;
}
}
repositoryForSpace.VariableSets.Modify(variableSet);
}
// Loop through library sets
foreach (var librarySet in repositoryForSpace.LibraryVariableSets.FindAll())
{
var variableSet = repositoryForSpace.VariableSets.Get(librarySet.VariableSetId);
foreach (var variable in variableSet.Variables)
{
if (variable.IsSensitive)
{
variable.Value = string.Empty;
}
}
repositoryForSpace.VariableSets.Modify(variableSet);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return;
}
import json
import requests
from requests.api import get, head
def get_octopus_resource(uri, headers, skip_count = 0):
items = []
skip_querystring = ""
if '?' in uri:
skip_querystring = '&skip='
else:
skip_querystring = '?skip='
response = requests.get((uri + skip_querystring + str(skip_count)), headers=headers)
response.raise_for_status()
# Get results of API call
results = json.loads(response.content.decode('utf-8'))
# Store results
if 'Items' in results.keys():
items += results['Items']
# Check to see if there are more results
if (len(results['Items']) > 0) and (len(results['Items']) == results['ItemsPerPage']):
skip_count += results['ItemsPerPage']
items += get_octopus_resource(uri, headers, skip_count)
else:
return results
# return results
return items
# Define Octopus server variables
octopus_server_uri = 'https://YourURL'
octopus_api_key = 'API-YourAPIKey'
headers = {'X-Octopus-ApiKey': octopus_api_key}
space_name = "MySpace"
# Get space
uri = '{0}/api/spaces'.format(octopus_server_uri)
spaces = get_octopus_resource(uri, headers)
space = next((x for x in spaces if x['Name'] == space_name), None)
# Get all projects
uri = '{0}/api/{1}/projects'.format(octopus_server_uri, space['Id'])
projects = get_octopus_resource(uri, headers)
for project in projects:
uri = '{0}{1}'.format(octopus_server_uri, project['Links']['Variables'])
projectVariables = get_octopus_resource(uri, headers)
variablesUpdated = False
for variable in projectVariables['Variables']:
if variable['IsSensitive']:
variable['Value'] = ""
variablesUpdated = True
if variablesUpdated:
print ('Clearing sensitive variables for project {0}'.format(project['Name']))
uri = '{0}{1}'.format(octopus_server_uri, project['Links']['Variables'])
response = requests.put(uri, headers=headers, json=projectVariables)
response.raise_for_status
# Get all variable sets
uri = '{0}/api/{1}/libraryvariablesets'.format(octopus_server_uri, space['Id'])
variableSets = get_octopus_resource(uri, headers)
for variableSet in variableSets:
uri = '{0}{1}'.format(octopus_server_uri, variableSet['Links']['Variables'])
libraryVariables = get_octopus_resource(uri, headers)
variablesUpdated = False
for variable in libraryVariables['Variables']:
if variable['IsSensitive']:
variable['Value'] = ""
variablesUpdated = True
if variablesUpdated:
print ('Clearing senitive variables for library set {0}'.format(variableSet['Name']))
uri = '{0}{1}'.format(octopus_server_uri, variableSet['Links']['Variables'])
response = requests.put(uri, headers=headers, json=libraryVariables)
response.raise_for_status
package main
import (
"fmt"
"log"
"net/url"
"github.com/OctopusDeploy/go-octopusdeploy/octopusdeploy"
)
func main() {
apiURL, err := url.Parse("http://YourURL")
if err != nil {
log.Println(err)
}
APIKey := "API-YourAPIKey"
spaceName := "MySace"
// Get reference to space
space := GetSpace(apiURL, APIKey, spaceName)
// Get reference to all projects
projects := GetProjects(apiURL, APIKey, space)
// Loop through projects
for i := 0; i < len(projects); i++ {
//projectVariables := GetProjectVariables(apiURL, APIKey, projects[i])
projectVariables := GetVariables(apiURL, APIKey, space, projects[i].ID)
variablesUpdated := false
for j := 0; j < len(projectVariables.Variables); j++ {
if projectVariables.Variables[j].IsSensitive {
projectVariables.Variables[j].Value = ""
variablesUpdated = true
}
}
if variablesUpdated {
println("Variables for " + projects[i].Name + " have been updated")
UpdateVariables(apiURL, APIKey, space, projectVariables.OwnerID, projectVariables)
}
}
// Get reference to library variable sets
librarySets := GetLibraryVariableSets(apiURL, APIKey, space)
// Loop through sets
for i := 0; i < len(librarySets); i++ {
librarysetVariables := GetVariables(apiURL, APIKey, space, librarySets[i].ID)
variablesUpdated := false
for j := 0; j < len(librarysetVariables.Variables); j++ {
if librarysetVariables.Variables[j].IsSensitive {
librarysetVariables.Variables[j].Value = ""
variablesUpdated = true
}
}
if variablesUpdated {
println("Variables for " + librarySets[i].Name + " have been updated")
UpdateVariables(apiURL, APIKey, space, librarysetVariables.OwnerID, librarysetVariables)
}
}
}
func octopusAuth(octopusURL *url.URL, APIKey, space string) *octopusdeploy.Client {
client, err := octopusdeploy.NewClient(nil, octopusURL, APIKey, space)
if err != nil {
log.Println(err)
}
return client
}
func GetSpace(octopusURL *url.URL, APIKey string, spaceName string) *octopusdeploy.Space {
client := octopusAuth(octopusURL, APIKey, "")
spaceQuery := octopusdeploy.SpacesQuery{
Name: spaceName,
}
// Get specific space object
spaces, err := client.Spaces.Get(spaceQuery)
if err != nil {
log.Println(err)
}
for _, space := range spaces.Items {
if space.Name == spaceName {
return space
}
}
return nil
}
func GetProjects(octopusURL *url.URL, APIKey string, space *octopusdeploy.Space) []*octopusdeploy.Project {
// Create client object
client := octopusAuth(octopusURL, APIKey, space.ID)
// Get all projects
projects, err := client.Projects.GetAll()
if err != nil {
log.Println(err)
}
return projects
}
func GetVariables(octopusURL *url.URL, APIKey string, space *octopusdeploy.Space, ownerID string) octopusdeploy.VariableSet {
// Create client object
client := octopusAuth(octopusURL, APIKey, space.ID)
// retrieve variables
variables, err := client.Variables.GetAll(ownerID)
if err != nil {
log.Println(err)
}
return variables
}
func GetLibraryVariableSets(octopusURL *url.URL, APIKey string, space *octopusdeploy.Space) []*octopusdeploy.LibraryVariableSet {
// Create client object
client := octopusAuth(octopusURL, APIKey, space.ID)
librarySets, err := client.LibraryVariableSets.GetAll()
if err != nil {
log.Println(err)
}
return librarySets
}
func UpdateVariables(octopusURL *url.URL, APIKey string, space *octopusdeploy.Space, ownerID string, variables octopusdeploy.VariableSet) {
client := octopusAuth(octopusURL, APIKey, space.ID)
variableSet, err := client.Variables.Update(ownerID, variables)
if err != nil {
log.Println(err)
}
fmt.Println(variableSet.ID + " updated")
}
Need support? We're here to help.