Creating a vault in Octopus Deploy

andrew's Avatar

andrew

13 Jul, 2017 01:57 PM

Hi,

This has probably come up before, and it is more of a feature request, but wondering whether Octopus Deploy could be used as a secrets store itself?

Currently the variable feature in Octopus is very useful, but it doesn't cater for a few items:

- Sensitive variables ending up in plain-text config files;
- Applications with a lot of variables in config files give more info about the infrastructure etc should those config files be consumed by the wrong party;
- Changing variables requires re-deployment of the application as well as a new release;
- Ability to adapt variables based on specific conditions (i.e, infrastructure changes etc).

In a job I had several years ago we built a configuration management system that allowed the applications which used the libraries we made to dynamically get configuration values (in our case stored in a database). This meant that we could quickly change settings and those were picked up by the application.

Has anyone looked into writing such a feature for Octopus? I note there is Vault already which is used a lot in the *nix community, but .Net support is limited.

Andrew.

  1. Support Staff 1 Posted by Nick Josevski on 13 Jul, 2017 11:39 PM

    Nick Josevski's Avatar

    Hi Andrew,

    Thanks for getting in touch. Glad that you've found the sensitive variable feature and it's some help, unfortunately that's the extent of the capabilities in that area for Octopus.

    From our docs on sensitive variables https://octopus.com/docs/deploying-applications/variables/sensitive... :

    Use a password manager or key vault

    If you need to retrieve these values for other purposes, consider using a password manager or key vault. The support we provide in Octopus is to securely store values that will be used during deployment, and cannot be retrieved for any other purposes. There are plenty available, and some are free, like KeePass.

    The only suggestion I have for you is to head over to User Voice https://octopusdeploy.uservoice.com/ have a look if there's any existing feature requests you can add details for, making a case for the feature, my quick search found this one: https://octopusdeploy.uservoice.com/forums/170787-general/suggestio... maybe add extra details to that so we can consider that feature it in the future.

    Regards,
    Nick

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac