Octopus Deploy API Key

Description

General

• Documentation: https://octopus.com/docs/octopus-rest-api
• Summary: Octopus Deploy facilates release management and ensures that it is auditable and compliant. Every user has an API portal that they can access by providing a valid host/key pair. This detector is capable of catching the host/key pair.
• IPs allowlist: This feature is not currently available.
• Scopes: API keys creation process is described in this page. All keys have the same permissions.

Revoke the secret

The API key can be revoked via the "My API Keys" section of the user's profile, the same page on which keys are created.

Check for suspicious activity

Octopus Deploy provides continuous logging for its 'Octopus' and 'Tentacle' services. These logs can help identify suspicious activities.

Details for Octopus api key

• Family: Api

• Category: CI/CD

• Company: Octopus Deploy

• High recall: False

• Validity check available: True

• On-premise instances exist: True

• Only valid secrets raise an alert: False

• Minimum number of matches: 2

• Occurrences found for one million commits: 0.08

• Prefixed: False

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - api-

Examples

- text: |-
    octopus_server: https://gg.octopus.app/
    octopus_api_key: API-QVNQNEYQKWRCXWYK57PIOISUWYQ3MYU
  host: https://gg.octopus.app
  apikey: API-QVNQNEYQKWRCXWYK57PIOISUWYQ3MYU

Was this page helpful?