This script demonstrates how to programmatically clear all sensitive variables in Projects and Variable Sets in an Octopus instance.
Usage
Provide values for the following:
- Octopus URL
- Octopus API Key
This script will clear all sensitive variable values from an Octopus instance. Take care when running this script or one based on it.
Script
PowerShell (REST API)
$ErrorActionPreference = "Stop";
# Define working variables
$octopusURL = "https://your-octopus-url"
$octopusAPIKey = "API-YOUR-KEY"
$header = @{ "X-Octopus-ApiKey" = $octopusAPIKey }
Function Clear-SensitiveVariables
{
# Define function variables
param ($VariableCollection)
# Loop through variables
foreach ($variable in $VariableCollection)
{
# Check for sensitive
if ($variable.IsSensitive)
{
$variable.Value = [string]::Empty
}
}
# Return collection
return $VariableCollection
}
# Get space
$space = (Invoke-RestMethod -Method Get -Uri "$octopusURL/api/spaces/all" -Headers $header) | Where-Object {$_.Name -eq $spaceName}
# Get all projects
$projects = Invoke-RestMethod -Method Get -Uri "$octopusURL/api/$($space.Id)/projects/all" -Headers $header
# Loop through projects
foreach ($project in $projects)
{
# Get variable set
$variableSet = Invoke-RestMethod -Method Get -Uri "$octopusURL/api/$($space.Id)/variables/$($project.VariableSetId)" -Headers $header
# Check for variables
if ($variableSet.Variables.Count -gt 0)
{
$variableSet.Variables = Clear-SensitiveVariables -VariableCollection $variableSet.Variables
# Update set
Invoke-RestMethod -Method Put -Uri "$octopusURL/api/$($space.Id)/variables/$($project.VariableSetId)" -Body ($variableSet | ConvertTo-Json -Depth 10) -Headers $header
}
}
# Get all variable sets
$variableSets = Invoke-RestMethod -Method Get -Uri "$octopusURL/api/$($space.Id)/libraryvariablesets/all" -Headers $header
# Loop through variable sets
foreach ($variableSet in $variableSets)
{
# Get the variable set
$variableSet = Invoke-RestMethod -Method Get -Uri "$octopusURL/api/$($space.Id)/libraryvariablesets/$($variableSet.Id)" -Headers $header
# Check for variables
if ($variableSet.Variables.Count -gt 0)
{
$variableSet.Variables = Clear-SensitiveVariables -VariableCollection $variableSet.Variables
# Update set
Invoke-RestMethod -Method Put -Uri "$octopusURL/api/$($space.Id)/libraryvariablesets/$($variableSet.Id)" -Body ($variableSet | ConvertTo-Json -Depth 10) -Headers $header
}
}
PowerShell (Octopus.Client)
# Load octopus.client assembly
Add-Type -Path "path\to\Octopus.Client.dll"
# Octopus variables
$octopusURL = "https://your-octopus-url"
$octopusAPIKey = "API-YOUR-KEY"
$spaceName = "default"
$endpoint = New-Object Octopus.Client.OctopusServerEndpoint $octopusURL, $octopusAPIKey
$repository = New-Object Octopus.Client.OctopusRepository $endpoint
$client = New-Object Octopus.Client.OctopusClient $endpoint
Function Clear-SensitiveVariables
{
# Define function variables
param ($VariableSetId)
# Get the variable set
$variableSet = $repositoryForSpace.VariableSets.Get($VariableSetId)
# Loop through variables
foreach ($variable in $VariableSet)
{
# Check for sensitive
if ($variable.IsSensitive)
{
$variable.Value = [string]::Empty
}
}
# Update set
$repositoryForSpace.VariableSets.Modify($variableSet)
}
try
{
# Get space
$space = $repository.Spaces.FindByName($spaceName)
$repositoryForSpace = $client.ForSpace($space)
# Loop through projects
foreach ($project in $repositoryForSpace.Projects.GetAll())
{
# Clear the sensitive ones
Clear-SensitiveVariables -VariableSetId $project.VariableSetId
}
# Loop through variable sets
foreach ($librarySet in $repositoryForSpace.LibraryVariableSets.GetAll())
{
# Clear sensitive ones
Clear-SensitiveVariables -VariableSetId $librarySet.VariableSetId
}
}
catch
{
Write-Host $_.Exception.Message
}
C#
// If using .net Core, be sure to add the NuGet package of System.Security.Permissions
#r "path\to\Octopus.Client.dll"
// Declare working variables
var octopusURL = "https://your-octopus-url";
var octopusAPIKey = "API-YOUR-KEY";
var spaceName = "default";
// Create repository object
var endpoint = new OctopusServerEndpoint(octopusURL, octopusAPIKey);
var repository = new OctopusRepository(endpoint);
var client = new OctopusClient(endpoint);
try
{
// Get space
var space = repository.Spaces.FindByName(spaceName);
var repositoryForSpace = client.ForSpace(space);
// Loop through projects
foreach (var project in repositoryForSpace.Projects.GetAll())
{
var variableSet = repositoryForSpace.VariableSets.Get(project.VariableSetId);
foreach (var variable in variableSet.Variables)
{
if (variable.IsSensitive)
{
variable.Value = string.Empty;
}
}
repositoryForSpace.VariableSets.Modify(variableSet);
}
// Loop through variable sets
foreach (var librarySet in repositoryForSpace.LibraryVariableSets.FindAll())
{
var variableSet = repositoryForSpace.VariableSets.Get(librarySet.VariableSetId);
foreach (var variable in variableSet.Variables)
{
if (variable.IsSensitive)
{
variable.Value = string.Empty;
}
}
repositoryForSpace.VariableSets.Modify(variableSet);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return;
}
Python3
import json
import requests
from requests.api import get, head
def get_octopus_resource(uri, headers, skip_count = 0):
items = []
skip_querystring = ""
if '?' in uri:
skip_querystring = '&skip='
else:
skip_querystring = '?skip='
response = requests.get((uri + skip_querystring + str(skip_count)), headers=headers)
response.raise_for_status()
# Get results of API call
results = json.loads(response.content.decode('utf-8'))
# Store results
if 'Items' in results.keys():
items += results['Items']
# Check to see if there are more results
if (len(results['Items']) > 0) and (len(results['Items']) == results['ItemsPerPage']):
skip_count += results['ItemsPerPage']
items += get_octopus_resource(uri, headers, skip_count)
else:
return results
# return results
return items
# Define Octopus server variables
octopus_server_uri = 'https://your-octopus-url'
octopus_api_key = 'API-YOUR-KEY'
headers = {'X-Octopus-ApiKey': octopus_api_key}
space_name = "MySpace"
# Get space
uri = '{0}/api/spaces'.format(octopus_server_uri)
spaces = get_octopus_resource(uri, headers)
space = next((x for x in spaces if x['Name'] == space_name), None)
# Get all projects
uri = '{0}/api/{1}/projects'.format(octopus_server_uri, space['Id'])
projects = get_octopus_resource(uri, headers)
for project in projects:
uri = '{0}{1}'.format(octopus_server_uri, project['Links']['Variables'])
projectVariables = get_octopus_resource(uri, headers)
variablesUpdated = False
for variable in projectVariables['Variables']:
if variable['IsSensitive']:
variable['Value'] = ""
variablesUpdated = True
if variablesUpdated:
print ('Clearing sensitive variables for project {0}'.format(project['Name']))
uri = '{0}{1}'.format(octopus_server_uri, project['Links']['Variables'])
response = requests.put(uri, headers=headers, json=projectVariables)
response.raise_for_status
# Get all variable sets
uri = '{0}/api/{1}/libraryvariablesets'.format(octopus_server_uri, space['Id'])
variableSets = get_octopus_resource(uri, headers)
for variableSet in variableSets:
uri = '{0}{1}'.format(octopus_server_uri, variableSet['Links']['Variables'])
libraryVariables = get_octopus_resource(uri, headers)
variablesUpdated = False
for variable in libraryVariables['Variables']:
if variable['IsSensitive']:
variable['Value'] = ""
variablesUpdated = True
if variablesUpdated:
print ('Clearing sensitive variables for variable set {0}'.format(variableSet['Name']))
uri = '{0}{1}'.format(octopus_server_uri, variableSet['Links']['Variables'])
response = requests.put(uri, headers=headers, json=libraryVariables)
response.raise_for_status
Go
package main
import (
"fmt"
"log"
"net/url"
"github.com/OctopusDeploy/go-octopusdeploy/octopusdeploy"
)
func main() {
apiURL, err := url.Parse("https://your-octopus-url")
if err != nil {
log.Println(err)
}
APIKey := "API-YOUR-KEY"
spaceName := "MySpace"
// Get reference to space
space := GetSpace(apiURL, APIKey, spaceName)
// Get reference to all projects
projects := GetProjects(apiURL, APIKey, space)
// Loop through projects
for i := 0; i < len(projects); i++ {
//projectVariables := GetProjectVariables(apiURL, APIKey, projects[i])
projectVariables := GetVariables(apiURL, APIKey, space, projects[i].ID)
variablesUpdated := false
for j := 0; j < len(projectVariables.Variables); j++ {
if projectVariables.Variables[j].IsSensitive {
projectVariables.Variables[j].Value = ""
variablesUpdated = true
}
}
if variablesUpdated {
println("Variables for " + projects[i].Name + " have been updated")
UpdateVariables(apiURL, APIKey, space, projectVariables.OwnerID, projectVariables)
}
}
// Get reference to variable sets
librarySets := GetLibraryVariableSets(apiURL, APIKey, space)
// Loop through sets
for i := 0; i < len(librarySets); i++ {
librarySetVariables := GetVariables(apiURL, APIKey, space, librarySets[i].ID)
variablesUpdated := false
for j := 0; j < len(librarySetVariables.Variables); j++ {
if librarySetVariables.Variables[j].IsSensitive {
librarySetVariables.Variables[j].Value = ""
variablesUpdated = true
}
}
if variablesUpdated {
println("Variables for " + librarySets[i].Name + " have been updated")
UpdateVariables(apiURL, APIKey, space, librarySetVariables.OwnerID, librarySetVariables)
}
}
}
func octopusAuth(octopusURL *url.URL, APIKey, space string) *octopusdeploy.Client {
client, err := octopusdeploy.NewClient(nil, octopusURL, APIKey, space)
if err != nil {
log.Println(err)
}
return client
}
func GetSpace(octopusURL *url.URL, APIKey string, spaceName string) *octopusdeploy.Space {
client := octopusAuth(octopusURL, APIKey, "")
spaceQuery := octopusdeploy.SpacesQuery{
Name: spaceName,
}
// Get specific space object
spaces, err := client.Spaces.Get(spaceQuery)
if err != nil {
log.Println(err)
}
for _, space := range spaces.Items {
if space.Name == spaceName {
return space
}
}
return nil
}
func GetProjects(octopusURL *url.URL, APIKey string, space *octopusdeploy.Space) []*octopusdeploy.Project {
// Create client object
client := octopusAuth(octopusURL, APIKey, space.ID)
// Get all projects
projects, err := client.Projects.GetAll()
if err != nil {
log.Println(err)
}
return projects
}
func GetVariables(octopusURL *url.URL, APIKey string, space *octopusdeploy.Space, ownerID string) octopusdeploy.VariableSet {
// Create client object
client := octopusAuth(octopusURL, APIKey, space.ID)
// retrieve variables
variables, err := client.Variables.GetAll(ownerID)
if err != nil {
log.Println(err)
}
return variables
}
func GetLibraryVariableSets(octopusURL *url.URL, APIKey string, space *octopusdeploy.Space) []*octopusdeploy.LibraryVariableSet {
// Create client object
client := octopusAuth(octopusURL, APIKey, space.ID)
librarySets, err := client.LibraryVariableSets.GetAll()
if err != nil {
log.Println(err)
}
return librarySets
}
func UpdateVariables(octopusURL *url.URL, APIKey string, space *octopusdeploy.Space, ownerID string, variables octopusdeploy.VariableSet) {
client := octopusAuth(octopusURL, APIKey, space.ID)
variableSet, err := client.Variables.Update(ownerID, variables)
if err != nil {
log.Println(err)
}
fmt.Println(variableSet.ID + " updated")
}
Help us continuously improve
Please let us know if you have any feedback about this page.
Page updated on Sunday, January 1, 2023