I’m deploying a Docker container and I require a certificate to be available when the app starts. I’m thinking of simply mounting a volume, storing the certificate on disk and then using the path/password to load the certificate at application startup.
How can I download the certificate to disk? Certificates are managed by Octopus.
You can use certificate variables to extract the certificate in the desired format.
e.g. $OctopusParameters["CertName.CertificatePem"] | Out-File $pfxPath -Force -Verbose
When working with this in the past I’ve noticed a few oddities, such as when using RawOriginal, the output seemed to be base64 encoded requiring it to be decoded first.
e.g.
Thanks for the quick answer. It seems there is no pwsh on target… Can it be done in bash?
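#!/bin/bash
CERT=CertName
# Use a name other than PATH: assigning PATH replaces the shell's command search path
INSTALL_DIR=$(get_octopusvariable 'Octopus.Action.Package.InstallationDirectoryPath')
PFX="$INSTALL_DIR/tsc.pfx"
echo "Downloading $CERT to $PFX"
# The variable holds the PEM text itself, not a file name, so write it out directly
printf '%s\n' "$(get_octopusvariable "$CERT.CertificatePem")" > "$PFX"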
Just tried it and it seems that the PATH (Octopus.Action.Package.InstallationDirectoryPath) is null. How can I get the location for the current deploy folder?
Octopus.Action.Package.InstallationDirectoryPath returns the location that the package in the current step is extracted to. If this bash script is running in a separate step to the package extraction it won’t be available.
The options would be to either use a custom installation directory within the package step, and use a project variable for this value which you could then use again in the bash script.
e.g.
Or add the custom scripts feature to the package deploy step, and add a script that adds to an output variable.
e.g. set_octopusvariable "installFolder" "$(get_octopusvariable 'Octopus.Action.Package.InstallationDirectoryPath')"
I took another way by utilizing a Docker entrypoint script and the .NET certificate tool. So basically
#!/bin/bash
if [ -n "$1" ]; then
    # Getting the expected string to pass to raw isn't obvious
    # In PowerShell:
    # $fileName = "PFX file name"
    # $bytes = Get-Content $fileName.pfx -Encoding Byte
    # [System.Convert]::ToBase64String($bytes) | Out-File $fileName.txt
    # IMPORTANT! Open Notepad++ and ensure no BOM and encoding is UTF8
    raw=$1
    password=$2
    thumbprint=$3
    echo "Install certificate with thumbprint $thumbprint"
    # Quote the values so an empty or space-containing argument is not split
    /tools/certificate-tool add -b "$raw" -p "$password" -t "$thumbprint"
    lastexitcode=$?
    if [ $lastexitcode -ne 0 ]; then
        echo "Error installing certificate"
        exit $lastexitcode
    fi
fi
dotnet app.dll
Then I pass the values in from the Run a Docker container step using the Additional Arguments > Command field, not Additional Arguments, since they need to be last in the invocation.
This way I don’t need to mount a volume or files, nor pollute environment variables.
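The thread mentions two pitfalls with base64 certificate values: RawOriginal needing to be decoded first, and a BOM or stray line endings breaking the string. The following bash helper is an added example, not code from the thread or from Octopus, that decodes such a value into an owner-only file. `write_cert_from_base64` and the sample value are hypothetical, and GNU `base64 -d` and `mktemp` are assumed.

```shell
#!/bin/bash
# Added example: decode a base64 certificate value into a file only the owner can read.
# write_cert_from_base64 is a hypothetical helper, not an Octopus function.
write_cert_from_base64() {
    local b64="$1" dest="$2" tmp
    if [ -z "$b64" ] || [ -z "$dest" ]; then
        echo "usage: write_cert_from_base64 <base64> <dest>" >&2
        return 2
    fi

    # Delete UTF-8 BOM bytes (EF BB BF) and any spaces, tabs or CR/LF that
    # an editor or Out-File may have added to the base64 text.
    b64=$(printf '%s' "$b64" | LC_ALL=C tr -d '\357\273\277 \t\r\n')

    # Reject anything that is not plain base64 before touching the disk.
    case $b64 in
        ''|*[!A-Za-z0-9+/=]*) echo "value is not base64" >&2; return 1 ;;
    esac

    # Decode into a temp file beside the destination, restrict it to the
    # owner, then rename it so the app never reads a partial certificate.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if printf '%s' "$b64" | base64 -d > "$tmp" 2>/dev/null && [ -s "$tmp" ]; then
        chmod 600 "$tmp" && mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "base64 decode failed" >&2
        return 1
    fi
}

# Constructed sample: BOM + base64 of placeholder bytes + CR, standing in for
# a value such as "$(get_octopusvariable 'CertName.RawOriginal')".
demo_dir=$(mktemp -d)
sample="$(printf '\357\273\277')$(printf 'constructed-cert-bytes' | base64)$(printf '\r')"
write_cert_from_base64 "$sample" "$demo_dir/app.pfx" && ls -l "$demo_dir/app.pfx"
rm -rf "$demo_dir"
```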