Creating a vault in Octopus Deploy


This has probably come up before, and it is more of a feature request, but wondering whether Octopus Deploy could be used as a secrets store itself?

Currently the variable feature in Octopus is very useful, but it doesn’t cater for a few items:

  • Sensitive variables ending up in plain-text config files;
  • Applications with a lot of variables in config files give more info about the infrastructure etc should those config files be consumed by the wrong party;
  • Changing variables requires re-deployment of the application as well as a new release;
  • Ability to adapt variables based on specific conditions (i.e, infrastructure changes etc).

In a job I had several years ago we built a configuration management system that allowed the applications which used the libraries we made to dynamically get configuration values (in our case stored in a database). This meant that we could quickly change settings and those were picked up by the application.

Has anyone looked into writing such a feature for Octopus? I note there is Vault already which is used a lot in the *nix community, but .Net support is limited.


Hi Andrew,

Thanks for getting in touch. Glad that you’ve found the sensitive variable feature and it’s some help, unfortunately that’s the extent of the capabilities in that area for Octopus.

From our docs on sensitive variables :

Use a password manager or key vault

If you need to retrieve these values for other purposes, consider using a password manager or key vault. The support we provide in Octopus is to securely store values that will be used during deployment, and cannot be retrieved for any other purposes. There are plenty available, and some are free, like KeePass.

The only suggestion I have for you is to head over to User Voice have a look if there’s any existing feature requests you can add details for, making a case for the feature, my quick search found this one: maybe add extra details to that so we can consider that feature it in the future.