SQL Connection String Query

Hi,

We changed the service account on Octopus and in the database to use a different username. I got the Database admins to replicate the previous permissions.

The connection string via the Octopus Server config looked like this beforehand

Integrated Security=False;UID=username1;PWD=RPoole

But now it’s exposing the actual password

Integrated Security=False;UID=username1;Password=P@ssw0rd1

When I switched it back to PWD=RPoole I get this error in the eventlogs

2022-08-19 14:33:36.1562 6568 16 FATAL Unhandled AppDomain exception occurred: SQL Error 18456 - Login failed for user ‘username1’.
Microsoft.Data.SqlClient.SqlException
at Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at Microsoft.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)

Ideally we wouldn’t want the password exposed in the server config file. Is there something I’ve missed?

Thanks

Dan

Hey @daniel.witter,

Thanks for reaching out to Octopus Support!

Normally with Integrated Security set to False, this would mean that the username and password are provided inside the connection string and unfortunately I don’t believe there is a scenario where this wouldn’t be exposed in the server logs.

You could try to use Windows Auth, which would log in to the database via the service account that Octopus is running on.
This would mean configuring your SQL server to accept windows auth and providing the Octopus service account with the correct permissions, however, it will remove the need to specify the password in the connection string.

Apologies I couldn’t provide a better answer for you but if you have any further questions or concerns, please don’t hesitate to reply back and I’ll do my best to answer them for you.

Kind Regards,
Adam

Hi Adam,

Thanks, that makes sense, appreciate the quick response.

Regards,

Dan

1 Like

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.