API Key in scripts in plain text

Hi. Just wondering if anyone has solved this. I’d like to set up some scheduled automated scripts to do things like cleanup tasks that have been forgotten at manual steps. I’m just wondering how best to keep the API in such a script secure. Currently, anyone who has access to the script will see the key in plain text.


$OctopusURL = "http://octopus"
$OctopusAPIKey = "API-1234567890ABCDEFGHIJKLMNOP"
Set-OctopusConnectionInfo -URL $OctopusURL -APIKey $OctopusAPIKey

Does anyone have any ideas?

Hi Daniel,

Have you consider storing the secret as an environment variable or as a text file, the text file can be ACLed for extra security ?