I have a variable called SMTPPassword that updates the web.config using “Automatically update appSettings and connectionString elements in any .config files”

It always displays the value in the output even when OctopusPrintVariables is set to false.

Example:

2013-09-23 16:59:57 DEBUG [XML Configuration] Setting //[local-name()=‘appSettings’]/[local-name()=‘add’][@key=‘SMTPPassword’] to ‘MyPassword’

How can we fix it? Our developers need to see the output but cannot know the passwords.

Also, we notice that “XML transformation” never get applied unless “XML variables” is checked. Is that a bug?

Hi Anthony,

We have plans to better support sensitive variables in Octopus 2.0, but for now there isn’t much we can do. You could set up your permissions so that only a handful of people have access to view deployment logs - that’s currently the best workaround.

Re: XML variables, yes, that sounds like a bug unfortunately. Thanks for letting us know.

Paul