I am setting up my project to use Kubernetes. Best practice for Kuberentes is to not pass in sensitive variables as Environment Variables (into the container). To facilitate this, I plan to have my deployments create a Kubernetes Secret for my Octopus Variables that have the Octopus Deploy Type of “Sensitive”.
Is there a way, from my PowerShell script, that I can know if a variable is “Sensitive”?
I tried this, but it just returned an empty string:
I realized that there will likely not be a good answer to this question. Since all variables in Octopus are just strings (no metadata).
I will deal with this by adding a convention of prepending “Secret.” to the front of all the variables I want to treat as sensitive in my deploy process.
I think prefixing is a good call here, but I wanted to mention one other option in case it helped.
You can also hit the Octopus API to get just sensitive values with something like this in PowerShell:
##CONFIG
$OctopusURL = "https://youroctopusinstance.octopus.app" #Octopus URL
$OctopusAPIKey = "API-YOURAPIKEY" #Octopus API Key
$DeploymentID = $OctopusParameters["Octopus.Deployment.Id"] #ID of the deployment you want to get the variable from. E.g. Deployments-41
##PROCESS##
$header = @{ "X-Octopus-ApiKey" = $octopusAPIKey }
$sensitiveVariables = ((Invoke-WebRequest -Method Get $OctopusURL/api/variables/variableset-$DeploymentID -Headers $header).Content | ConvertFrom-Json).Variables | Where-Object { $_.Type -eq "Sensitive"}
foreach($var in $sensitiveVariables) {
Write-Host "$($var.Name)"
}
Maybe not ideal for your use case, but definitely an option. Feel free to reach out if you run into any challenges or have any additional questions, happy to help!