Octopus managing private keys


My env is highly dependent on Octopus to control credentials that will reach my destination servers, including private keys used in API authentication. Is it possible for Octopus to generate the (asymmetric) private/public keys internally so users don’t have to manually handle this sensitive information outside Octopus itself, except for the public key?

Good morning @0-islets-cacti,

Thank you for contacting Octopus Support, and great question on whether Octopus can generate public/private keys for the certificates used for applications on your destination servers.

Unfortunately, this is not possible at this moment. I do not think we would bring this functionality in, as usually when you generate a certificate for application use with a private key you have to generate it in a certain way or with certain criteria (such as a CN name etc).

If Octopus generated it, it may not be in the format needed for your destination servers.

We do integrate with Azure Key Vault if that would be of any use to you at all. We have a blog post on this here if you wanted to take a look and see if it would suit your needs.

I am sorry I do not have better news for you, but hopefully you are able to utilise Azure Key Vaults. If not, your certificates will need to keep being generated manually and then input into Octopus.

Let me know if I am not on the right track with what you were asking too and if so could you elaborate a bit more on a use case you have in mind for this and I will see if I can help.

Kind Regards,

Thank you! The advice is clear. Octopus is designed to deploy, so it is better for it to keep doing at its best what it is made for, and let other available tools do what they are made for.

Thank you so much!