Subscription Webhook Security

Hi,
We are wanting to set up a webhook via a subscription to collect release creation. We have configured everything and got a spike working nicely, however we want to secure the interaction between Octopus and the API collecting the events. I see you can set a header and value for an API key or something. However, the value is in the clear and not stored as a secret. I appreciate that you can set RBAC on administering subscriptions, but this may not be enough for our use case. We would like to be guarded against misconfiguration of the Octopus server.
Are there any plans to be able to store the value for the header as a sensitive value, in the same way that variables can be stored as sensitive?

(Note - the API collecting the events is a forwarder, like in some of the examples with Slack etc., but we still would like it to be more secure)

Thanks
Simon.

Hi Simon,

Thanks for getting in touch!

I don’t believe there are any plans for this currently, but I will bring this to the attention of our engineers to see if it is something that we can improve.

Regards,
Paul

That would be great - thx

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.