How to select or pass Certificate as Prompt variable while running a Runbook

Hi guys,

We are busy developing a pipeline where we are renewing our expiring certificates and uploading them to the Ocoptus Certificate Library. After uploading we need a runbook which can download the cert and deploy it to targets defined in the scope of the Certificate. I am able to use Octopus Client in powershell to get the certificates but not able to download it. So I tried another way where user can select certificate through Prompt variable. I can set a variable for certificate as Prompt variable but at the time of deployment it doesn’t allow me to select the certificate from octopus library. While setting up a prompt variable as certificate type it is mandatory to select a certificate. I am not able to select a certificate at the time of deployment. Is there a way to achieve this.

Hi @rohitvermasrt!

Sadly, I don’t have a great answer for you on how to do this. It would need to be a manually-configured process. As I was writing up the below response, I definitely see a use case for better support of certificates in this scenario, I’ll reach out to our Product engineers and see if we can get this improved. I would also suggest heading over to our UserVoice site and putting in a feature request here, so our team can monitor the demand.

Saying that, if you would like to get something like this working, the following steps should work to give you this functionality in the meantime:

2 Runbooks (or 1 runbook and 1 deployment process), an orchestrator, and an executor:


  • This would be configured with the actual deployment steps that you want to do with the new certificate (run the Install a Certificate step etc).
  • It would look to the project variables to determine which certificate to use (a non-prompted variable)


  • Has a prompted variable for the certificate you want to find, I imagine this would be the certificate “friendly name”, or perhaps the server name of the certificate that you want to deploy.
  • Performs an API call to /api/certificates/all, finding a matching certificate based on your search criteria. (Example script)
  • Updates the certificate variable for the project with the matching certificate’s internal ID. (Example script)
  • Performs API call to create a new release or the deployment process, or publish a new snapshot of the Executor runbook (depending on whether you’re using 2 runbooks or a runbook and a deployment process) (Example script)
  • Creates a deployment task for the latest release of the Executor. (Example script)

I hope this helps, and I look forward to being able to tell a better story here in the future!

Thank you @Justin_Walsh for getting back to me.

The proposed solution sounds good to me. Will give it a try and let you know. Thank you again.

1 Like

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.