Is the certificate for a n exported tentacle a secret?

I am currently trying to install an octopusdeploy tentacle in an automated fashion using puppet. Unfortunately after the install I use tentacle.exe to generate a new certificate for the tentacle but it blows up saying certification generation requires a user profile to be loaded because of its usage of the windows dpapi. According to the documentation the recommended way for automating this process is to import an already existing certificate into this new tentacle using a file. My question now is the following. If I store the pregenerated certificate in a text file on the node to be used for the certificate import is it okay to leave this file on the file system? Are the contents inside this file supposed to be kept a secret and locked away?

Hi Michael,

That file contains the certificate private-key, and should be considered sensitive.

We would recommend deleting the file once it has been imported.

Regards,
Michael R