Skip to main content

Octopus Deploy API Key

Description#

General#

  • Documentation: https://octopus.com/docs/octopus-rest-api
  • Summary: Octopus Deploy facilates release management and ensures that it is auditable and compliant. Every user has an API portal that they can access by providing a valid host/key pair. This detector is capable of catching the host/key pair.
  • IPs allowlist: This feature is not currently available.
  • Scopes: API keys creation process is described in this page. All keys have the same permissions.

Revoke the secret#

The API key can be revoked via the "My API Keys" section of the user's profile, the same page on which keys are created.

Check for suspicious activity#

Octopus Deploy provides continuous logging for its 'Octopus' and 'Tentacle' services. These logs can help identify suspicious activities.

Details for Octopus api key#

  • Family: Api

  • Category: CI/CD

  • Company: Octopus Deploy

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.08

  • Prefixed: False

  • PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - api-

Examples#

- text: |-    octopus_server: https://gg.octopus.app/    octopus_api_key: API-QVNQNEYQKWRCXWYK57PIOISUWYQ3MYU  host: https://gg.octopus.app  apikey: API-QVNQNEYQKWRCXWYK57PIOISUWYQ3MYU