I was able to get this to work using the DSC Resource OctopusDSC, however there is one security concern that I can’t figure out how to get around. This might be more of a DSC question but thought maybe you would have some ideas. The issue is to get this to work the API key is in clear text in the configuration file and the MOF file. We can probably limit access to the MOF file but not sure how to get around it being in the configuration file. Is there a way to make the API call using credentials instead of an API key? Can we limit the permissions to the API key so that all it’s able to do is install and register a tentacle? Thanks for the help.
Hi Matt,
Thanks for getting in touch! In Octopus you have the ability to create a ‘service account’ user and generate an API key for it.
It will never be able to log into the web portal, or have access to it, and you can limit its permissions very strictly.
It would be our recommendation for automating installs and using the API keys.
Hope that helps!
Vanessa