Sensitive Variables in Octopus

I want to use octopus variable that are marked ‘sensitive’ in my PowerShell, so that I can Mask them in my PROD config files.

Any help on this is appreciated

Hi @deeksha.agarwl,

Thanks for reaching out!

You can create sensitive variables in Octopus in much the same way you create regular variables.

If you haven’t had a chance to read it already, our Sensitive Variables documentation is a great resource for discovering how to create sensitive variables and how they’re handled within Octopus.

I hope this is the information you’re looking for! If you’re still not sure or you need further assistance please don’t hesitate to get back in touch.

Kind Regards,
Adam

I want to use sensitive variable in my powershell script. Is there is way in which i can filter the octopus variable ?

Hi @deeksha.agarwl,

Thanks for getting back to me!

You can use variables within Octopus inside Powershell scripts, there’s more information on that in our Variables docs.

Perhaps in particular interest to you is this part:

You can use this coupled with the information from the Sensitive Variables docs to reference these within scripts.

I hope this helps you get going! If not - I’m unsure if I’m fully understanding your issue.
If you’re able to give me a high-level use case for what it is you’re looking to do, I can perhaps better understand your issue and give you more helpful advice.

I look forward to your reply!

Kind Regards,
Adam

Use case - I have to add the config files from the Server in octopus Artifacts, before adding the files in artifact I need to MASK the sensitive values.

I need to do this on the basis of octopus variable which are Sensitive. The PowerShell to iterate through all the variable in scope and find out the sensitive variables.

Hi @deeksha.agarwl,

Just to make sure we’re on the same page in regards to what it is you’d like to do, I want to breakdown my understanding for your review:

You wish to perform a deployment.
Then, use Octopus variable substitution to insert sensitive variables into your config file.
Lastly, you wish to run a Powershell script that will mask the sensitive variables before uploading the config as an Artifact within Octopus?

Can you confirm that this is what you’re trying to accomplish?

Kind Regards,
Adam

Yes, you are correct.
In this I need help on last point only-

Lastly, you wish to run a Powershell script that will mask the sensitive variables before uploading the config as an Artifact within Octopus?

I have the method to mask the values, I don’t want to pass the values to be masked. I want to iterate through octopus variable and find the sensitive values, and if that sensitive value is present in the config file I will masked it.

Hi @deeksha.agarwl,

Are you looking for a method to determine which variables are sensitive?

Inside your variable snapshot, each variable should have an attribute IsSensitive.
Perhaps you could find the name of any variable listed as "IsSensitive": true and use the variable names to mask any values for variables matching that name?

Kind Regards,
Adam

Thank you @adam.hollow , do you have reference code for this?

Hi @deeksha.agarwl,

Unfortunately, I don’t have a direct reference that you can use.

However, I can point you in the direction of our script repo where you may be able to find something you can modify for your use case.

One thing that may help - if you’re looking to make a request to the Octopus API for a Variable Snapshot, the API endpoint for this will look similar to:
http://<OctopusServerName>/api/<spaceID>/variables/<ProjectVariableSnapshotId>

To confirm:

  • Head to http://OctopusServerName/api/<spaceId>/releases/ to find a specific release.
  • Take note of the attribute ProjectVariableSnapshotId
  • From there, you can add the attribute from the release to the following URL: http://<OctopusServerName>/api/<spaceID>/variables/<ProjectVariableSnapshotId>

This will provide you with an API endpoint for the variable snapshot specific to that release, allowing you to request the JSON list.

Please let me know how you get on or if I can help you further!

Kind Regards,
Adam

@adam.hollow Thank you so much for your help.

I got the below code, not able to get values in $projectVariables variable.

Add-Type -Path ‘…\Octopus Deploy\Tentacle\Octopus.Client.dll’
$apikey = ‘API-xxxxxxxxxxxxxxx’ # Get this from your profile
$octopusURI = ‘http://localhost’ # Your server address

$projectName = “Claims CI” # Enter project you want to search

$endpoint = New-Object Octopus.Client.OctopusServerEndpoint $octopusURI, $apiKey
$repository = New-Object Octopus.Client.OctopusRepository $endpoint

$project = $repository.Projects.FindByName($projectName)
$projectVariables = $repository.VariableSets.GET($project.VariableSetId)
$projectVariables.Variables

Hi @deeksha.agarwl,

I managed to get your script to print my variable snapshot!

The changes I made were to avoid referencing the Octopus.Client.dll within the tentacle install.

Where you have this:
Add-Type -Path ‘…\Octopus Deploy\Tentacle\Octopus.Client.dll’

I, instead used:

Install-Package Octopus.Client -source https://www.nuget.org/api/v2 -SkipDependencies
$path = Join-Path (Get-Item ((Get-Package Octopus.Client).source)).Directory.FullName "lib/net452/Octopus.Client.dll"
Add-Type -Path $path

However, I’m unsure if this will be the cause of your issue. Are you experiencing any errors in your output when running the script?

Any information you can provide would be helpful!

Kind Regards,
Adam

@adam.hollow Thank you so much for checking on this.

I am not getting any error, its just coming blank.

I am trying your solution and will let you know.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.