Encrypt the DataBase password in octopusserver.config

My security guys want to know if there’s a way to encrypt or at least obfuscate the database username & password that’s stored in plain text as part of octopusserver.config (somewhat like you can encrypt sensitive sections of web.config files. Granted it’s largely obfuscation but they think it’s better than nothing.

Hi Ben,

Thanks for getting in touch. Unfortunately, we don’t support a way to encrypt the Octopus server database connection string. Our best suggestion is to restrict the file access permissions to ensure only the user the Octopus service is running as can access the file. This further restricts it to ensure other users who have access to the server cannot access the config file.

Hope this helps.