Identify a Sensitive Variable

I am setting up my project to use Kubernetes. Best practice for Kuberentes is to not pass in sensitive variables as Environment Variables (into the container). To facilitate this, I plan to have my deployments create a Kubernetes Secret for my Octopus Variables that have the Octopus Deploy Type of “Sensitive”.

Is there a way, from my PowerShell script, that I can know if a variable is “Sensitive”?

I tried this, but it just returned an empty string:

Write-Output "Variable Type: $($OctopusParameters["SecretVariable"].Type)"

I realized that there will likely not be a good answer to this question. Since all variables in Octopus are just strings (no metadata).

I will deal with this by adding a convention of prepending “Secret.” to the front of all the variables I want to treat as sensitive in my deploy process.

Hey @OctopusSchaff ,

I think prefixing is a good call here, but I wanted to mention one other option in case it helped.

You can also hit the Octopus API to get just sensitive values with something like this in PowerShell:

##CONFIG
$OctopusURL = "https://youroctopusinstance.octopus.app" #Octopus URL
$OctopusAPIKey = "API-YOURAPIKEY" #Octopus API Key

$DeploymentID = $OctopusParameters["Octopus.Deployment.Id"] #ID of the deployment you want to get the variable from. E.g. Deployments-41

##PROCESS##
$header = @{ "X-Octopus-ApiKey" = $octopusAPIKey }

$sensitiveVariables = ((Invoke-WebRequest -Method Get $OctopusURL/api/variables/variableset-$DeploymentID -Headers $header).Content | ConvertFrom-Json).Variables | Where-Object { $_.Type -eq "Sensitive"}

foreach($var in $sensitiveVariables) {
 Write-Host "$($var.Name)" 
}

Maybe not ideal for your use case, but definitely an option. Feel free to reach out if you run into any challenges or have any additional questions, happy to help!