Sensitive along with prompt variable is not working

US1-DevSecOps · 6 March 2023 07:12

Hi Team,

Need help with following user case:

Sensitive along with prompt variable is not working.

ProjectA: Octopus Deploy
Variable: Passphrase
Type: Text
Status: Working

ProjectB: Octopus Deploy
Variable: Passphrase
Type: Sensitive & Prompt Variable
Status: Not Working

ProjectB: Octopus Deploy
Variable: Passphrase
Type: Text
Status: Not Working

Thanks
Vivek

paul.calvert · 6 March 2023 08:31

Hi Vivek,

Thanks for getting in touch!

Can you expand a little more on how you’re trying to use the sensitive variable and the exact issue you’re encountering?

It looks like even when you set the variable to Text it also didn’t work?
If that is the case, then the problem may be that the scoping on the variable is incorrect.

To help troubleshoot that it can be useful to navigate to Project > Variables > Preview and apply the relevant filters to ensure that the variable appears in the list.

Another option would be to add the system variable OctopusPrintEvaluatedVariables with a value of true to your project variables. This will then list all of the variables and values available to each step within the task log.

Regards,
Paul

US1-DevSecOps · 6 March 2023 09:49

Hi @paul.calvert

Thanks for writing back.

Here is the details:

I have PowerShell script which is responsible to connect with SFTP server via winscp . I am able to connect successfully with the variables values I am passing manually via Windows PowerShell ISE but when I am trying it octopus deploy it is getting failed.
I have enabled the system variable setting as you have suggested. Please have the PowerShell script along with task id. Also, octopus deploy deals differently for Exit Code 0. If you see in release, the step is actually failed but octopus deploy still make is successful.

Octopus Task ID: PowerShell

PowerShell Code:

Write-Host $HostName
Write-Host $PortNumber
Write-Host $UserName
Write-Host $SshHostKeyFingerprint
Write-Host $SshPrivateKeyPath
Write-Host "Passphrase Variable" $Passphrase
Write-Host $FTPDirectory
Write-Host $LocalPath

$ErrorActionPreference = 'Stop';

# Execute PowerShell In Administrator Mode
If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }

# Setup Secure Passphrase Variable
$SecurePassphrase = ConvertTo-SecureString $Passphrase -AsPlainText -Force
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassphrase)
$UnsecurePassphrase = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
Write-Host "UnsecurePassphrase Variable" $UnsecurePassphrase

# Load WinSCP Dot Net Assembly From WinSCP Installtion Directory
Add-Type -Path "C:\Program Files (x86)\WinSCP\WinSCPnet.dll"

# Set Up SFTP Session Options
$SessionOptions = New-Object WinSCP.SessionOptions -Property @{
    Protocol              = [WinSCP.Protocol]::Sftp
    HostName              = "$HostName"
    PortNumber            = "$PortNumber"
    UserName              = "$UserName"
    SshHostKeyFingerprint = "$SshHostKeyFingerprint"
    SshPrivateKeyPath     = "$SshPrivateKeyPath"
    PrivateKeyPassphrase  = "$Passphrase"
}

# Established SFTP Connection
$Session = New-Object WinSCP.Session

# Close Connection If Already Open
if ($null -eq ($Session.Opened)) {
    Write-Host "Connection Is Already Open"
    Write-Host "Disposing ALL Active Connection"
    # Disconnect SFTP Session
    $Session.Dispose()
}

try {
    # Connect & Open Session To Jenkon SFTP Using Session Options
    $Session.Open($SessionOptions)
    if ($null -ne ($Session.Opened)) {
        Write-Host "Jenkon SFTP Connection Is Successfully Established"
    }   
}
catch {
    Write-Host "Jenkon SFTP Connection Failed" `n
    Write-Host $Error[0].Exception -ErrorAction Stop
    break;
}
Write-Host "Script Pass"

Thanks
Vivek

paul.calvert · 6 March 2023 10:08

Are you happy for me to log in to your instance to look through the logs?

US1-DevSecOps · 6 March 2023 10:32

Hi @paul.calvert

Please go ahead.

Thanks
Vivek

paul.calvert · 6 March 2023 12:55

I’ve looked through the logs, and the variable is being evaluated correctly within the script. So, all I can suggest is to confirm that the passphrase being used is correct. You could try copying it out of Octopus and running the script outside of Octopus so see if the same error occurs.

Regarding the step showing as success when it is encountering an error, Octopus will only show a failed deployment if it receives a non-zero exit code. The error message suggests that it may be sending a zero code despite the issue e.g. Server sent command exit status 0.

You may need to amend your catch block to set the exit code.
Adding $global:LASTEXITCODE might work, otherwise you can set the code directly with exit <nonzero-integer>

system · 6 April 2023 12:56

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.