# Octopus Deploy

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FGKGOFEKV9NLKy8AYnY2T%2Fksm-header-octopus.png?alt=media&#x26;token=d77092a0-d3b4-4823-8498-f9927a0209f1" alt="Keeper Secrets Manager and Octopus Deploy"><figcaption><p>Octopus Deploy Integration with Keeper Secrets Manager</p></figcaption></figure>

## Features

* Retrieve secrets from the Keeper Vault to use in Octopus Deploy Library
* Inject credentials directly into Octopus Deploy projects
* Get files from the Keeper Vault

{% hint style="info" %}
For a complete list of Keeper Secrets Manager features, see the [Overview](https://docs.keeper.io/en/keeperpam/secrets-manager/overview).
{% endhint %}

## Prerequisites

This page documents the Secrets Manager Octopus Deploy integration. In order to utilize this integration, you will need:

* Keeper Secrets Manager access (See the [Quick Start Guide](https://docs.keeper.io/en/keeperpam/secrets-manager/quick-start-guide) for more details)
  * Secrets Manager addon enabled for your Keeper account
  * Membership in a Role with the Secrets Manager enforcement policy enabled
* A Keeper [Secrets Manager Application](https://docs.keeper.io/en/keeperpam/about/terminology#application) with secrets shared to it
  * See the [Quick Start Guide](https://docs.keeper.io/en/keeperpam/quick-start-guide#2.-create-an-application) for instructions on creating an Application
* An initialized Keeper [Secrets Manager Configuration](https://docs.keeper.io/en/keeperpam/secrets-manager/about/secrets-manager-configuration)
  * The Octopus Deploy integration accepts Base64 format configurations

## About

The Keeper Octopus Deploy Step Template utilizes Keeper Secrets Manager to provide access to secret credentials saved in the Keeper Vault. The script allows for injecting secrets directly into Octopus Deploy projects securely using Keeper's zero-knowledge infrastructure.

## Installation

### Community Step Template

To use the step template directly from [Community Step Templates](https://octopus.com/docs/projects/community-step-templates):\
**Navigate:** *Library > Step Templates > Community Step Templates > Browse Library*\
**Search:** "Keeper Secrets Manager - Retrieve Secrets" *> Install > Save*

### Custom Step Template

To add as a [Custom Step Template](https://octopus.com/docs/projects/custom-step-templates):\
**Navigate:** *Library > Step Templates > Custom Step Templates > Import*\
Paste the JSON obtained from the community-contributed [templates library](https://library.octopus.com/listing).

## Step Configuration

### Settings

**Name:** Keeper Secrets Manager - Retrieve Secrets\
\
**Description:** This step retrieves one or more secrets from a Keeper Vault and creates sensitive output variables for each value retrieved. These values can be used in other steps in your deployment or runbook process.\
*You can retrieve secrets using Keeper Notation URIs, and you can choose a custom output variable name for each secret.*\
\
**Required:**

* A [Keeper Secrets Manager](https://docs.keeper.io/keeperpam) application with permissions to retrieve secrets from the Keeper Vault.
* PowerShell 6.0 or greater
* `Microsoft.PowerShell.SecretManagement` module
* The `SecretManagement.Keeper.Extension` PowerShell module installed on the target or worker. If the module can't be found, the step will fail. The `SecretManagement.Keeper` module(s) can be installed from the [PowerShell gallery](https://www.powershellgallery.com/packages/SecretManagement.Keeper).
  * The `SecretManagement.Keeper.Extension` is nested inside the `SecretManagement.Keeper` module.

### Parameters

**Keeper Secrets Manager Configuration** (type: Sensitive)\
**Variable name:** `#{Keeper.SecretsManager.RetrieveSecrets.Config}`\
Keeper Secrets Manager [configuration](https://docs.keeper.io/en/keeperpam/about/one-time-token#with-an-existing-application) for a [KSM Application](https://docs.keeper.io/en/keeperpam/secrets-manager/quick-start-guide) with permissions to retrieve secrets from the Keeper Vault. To generate a KSM configuration in the Web Vault: *Secrets Manager - KSM Application Name - Edit - Add Device, and switch to Method: Configuration file, preferably in Base64 format.*

**Vault Secrets to retrieve** (type: Multi-line text box)\
**Variable name:** `#{Keeper.SecretsManager.RetrieveSecrets.VaultSecrets}`\
Use [Secrets Manager Notation URIs](https://docs.keeper.io/en/keeperpam/secrets-manager/about/keeper-notation) to specify the Secrets to be returned from Keeper Vault, in the format `SecretsManagerNotation URI | OutputVariableName` where:

* `OutputVariableName` is the *optional* Octopus [output variable](https://octopus.com/docs/projects/variables/output-variables) name to store the secret's value in. *If this value isn't specified, an output name will be generated dynamically*.

{% hint style="info" %}
*Multiple fields can be retrieved by entering each one on a new line. The line format is* `Notation | variable`*, where the variable name part is optional. If it is omitted, auto-generated variable names of the form KsmSecret1, KsmSecret2, etc. are used.*
{% endhint %}

```
V8lFbio0Bs0LuvaSD5DDHA/field/login | MyLogin
V8lFbio0Bs0LuvaSD5DDHA/field/password | MyPass
V8lFbio0Bs0LuvaSD5DDHA/custom_field/phone[1][number] | MyOtherPhoneNum
V8lFbio0Bs0LuvaSD5DDHA/file/IMG_0036.png | MyImageBase64
```
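The following is an added example, not part of the Keeper step template: a pre-flight check that parses a **Vault Secrets to retrieve** value and flags malformed notation and output variable names that collide (a collision would leave a later step reading the wrong secret). The function name `Test-KsmVaultSecretsList` is hypothetical, and numbering generated names by entry position is an assumption about the `KsmSecret1, KsmSecret2` scheme.

```powershell
# Added example: lint a "Vault Secrets to retrieve" value before saving the step.
# Assumption: generated names are KsmSecret<N> with N = entry position; the
# step template's real numbering may differ.
function Test-KsmVaultSecretsList {
    param([Parameter(Mandatory)][string]$VaultSecrets)

    $seen = @{}      # hashtable keys compare case-insensitively
    $entry = 0
    foreach ($raw in ($VaultSecrets -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -eq '') { continue }
        $entry++

        # Split on the first '|' only: notation left, optional name right.
        $parts = $line -split '\|', 2
        $notation = $parts[0].Trim()
        $name = if ($parts.Count -gt 1) { $parts[1].Trim() } else { '' }
        $problems = @()

        # Shape of the page's examples, with an optional keeper:// prefix.
        if ($notation -notmatch '^(keeper://)?[^/]+/[^/]+/.+$') {
            $problems += 'notation is not <record>/<selector>/<parameter>'
        }
        if ($name -eq '') {
            $name = "KsmSecret$entry"      # assumed numbering, see above
        } elseif ($name -match '[\s|]') {
            $problems += "output name contains whitespace or '|'"
        }
        if ($seen.ContainsKey($name)) {
            $problems += "output name already used by entry $($seen[$name])"
        } else {
            $seen[$name] = $entry
        }

        [pscustomobject]@{
            Entry = $entry; Notation = $notation; OutputVariable = $name
            Problems = $problems -join '; '
        }
    }
}

# Constructed sample: two entries from the page plus two deliberately bad ones.
$sample = @'
V8lFbio0Bs0LuvaSD5DDHA/field/login | MyLogin
V8lFbio0Bs0LuvaSD5DDHA/field/password | MyPass
V8lFbio0Bs0LuvaSD5DDHA/field/password | mylogin
V8lFbio0Bs0LuvaSD5DDHA/password
'@
Test-KsmVaultSecretsList -VaultSecrets $sample | Format-Table -AutoSize
```

Entries 3 and 4 of the sample come back with a non-empty `Problems` column: a name that duplicates `MyLogin` in a different case, and a notation with no selector.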

**Print output variable names** (type: Checkbox)\
**Variable name:** `#{Keeper.SecretsManager.RetrieveSecrets.PrintVariableNames}`\
Write out the Octopus [output variable](https://octopus.com/docs/projects/variables/output-variables) names to the task log.\
Default: `False`
