We are wanting to set up a webhook via a subscription to collect release creation. We have configured everything and got a spike working nicely, however we want to secure the interaction between octopus and the API collecting the events. I see you can set a header and value for an API key or something. However the value is in the clear and not stored as a secret. I appreciate, that you can set RBAC on administering subscriptions, but this may not be enough for our use case. We would like to be guarded against mis-configuration of the octopus server.
Are there any plans to be able to store the value for the header as a sensitive value, in the same way that variables can be stored as sensitive?
(Note - the api collecting the events is a forwarder, like in some of the examples with slack etc, but we still would like it to be more secure)