Octopus Deploy Sync
Learn how to configure an Octopus Deploy Sync for Hanzo KMS.
Prerequisites:
- Create an Octopus Deploy Connection
Navigate to Project > Integrations and select the Secret Syncs tab. Click on the Add Sync button.


Configure the Source from where secrets should be retrieved, then click Next.

- Environment: The project environment to retrieve secrets from.
- Secret Path: The folder path to retrieve secrets from.
If you need to sync secrets from multiple folder locations, check out secret imports.
Configure the Destination to where secrets should be deployed, then click Next.
The destination configuration is organized into two tabs:
General Tab:

- Octopus Deploy Connection: The Octopus Deploy Connection to authenticate with.
- Space: The Octopus Deploy Space to sync secrets to.
- Project: The Octopus Deploy Project within the Space to sync secrets to.
Advanced Tab:
The Advanced tab allows you to specify optional scope values to restrict where the synced variables are available within your Octopus Deploy project:
- Environments: Restrict variables to specific environments (e.g., Development, Staging, Production).
- Target Tags: Restrict variables to specific target tags (e.g., web-server, database).
- Targets: Restrict variables to specific deployment targets.
- Processes: Restrict variables to specific deployment processes.
- Deployment Steps: Restrict variables to specific deployment steps.
- Channels: Restrict variables to specific release channels.
Configure the Sync Options to specify how secrets should be synced, then click Next.

- Initial Sync Behavior: Determines how Hanzo KMS should resolve the initial sync.
  - Overwrite Destination Secrets: Removes any secrets at the destination endpoint not present in Hanzo KMS.
  Octopus Deploy does not support importing secrets.
- Key Schema: Template that determines how secret names are transformed when syncing, using {{secretKey}} as a placeholder for the original secret name and {{environment}} for the environment.
  We highly recommend using a Key Schema to ensure that Hanzo KMS only manages the specific keys you intend, keeping everything else untouched.
- Auto-Sync Enabled: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
- Disable Secret Deletion: If enabled, Hanzo KMS will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Hanzo KMS.
Configure the Details of your Octopus Deploy Sync, then click Next.

- Name: The name of your sync. Must be slug-friendly.
- Description: An optional description for your sync.
Review your Octopus Deploy Sync configuration, then click Create Sync.

If enabled, your Octopus Deploy Sync will begin syncing your secrets to the destination endpoint.
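
An added illustration (not Hanzo KMS code) of why the Key Schema recommendation above matters when Overwrite Destination Secrets is in effect: it models which Octopus Deploy variables a sync would write, delete, or leave alone. The ownership rule (a destination name counts as managed only if it fits the schema), the function names and the sample variable names are assumptions constructed for this example.

```python
import re

TOKENS = re.compile(r"(\{\{secretKey\}\}|\{\{environment\}\})")

def render(schema, key, environment):
    """Destination name for one secret under the key schema."""
    return schema.replace("{{secretKey}}", key).replace("{{environment}}", environment)

def managed_pattern(schema, environment):
    """Regex for names this schema could have produced (assumed ownership rule)."""
    if schema.count("{{secretKey}}") != 1:
        raise ValueError("schema must contain {{secretKey}} exactly once")
    parts = []
    for piece in TOKENS.split(schema):
        if piece == "{{secretKey}}":
            parts.append(".+")
        elif piece == "{{environment}}":
            parts.append(re.escape(environment))
        else:
            parts.append(re.escape(piece))
    return re.compile("".join(parts))

def plan_sync(source_keys, destination_names, schema="{{secretKey}}",
              environment="dev", disable_deletion=False):
    """Model an overwrite-destination sync: what is written, deleted, left alone."""
    desired = {render(schema, k, environment) for k in source_keys}
    managed = managed_pattern(schema, environment)
    plan = {"write": sorted(desired), "delete": [], "untouched": []}
    for name in sorted(set(destination_names) - desired):
        if managed.fullmatch(name) and not disable_deletion:
            plan["delete"].append(name)
        else:
            plan["untouched"].append(name)
    return plan

# Constructed sample data: secret names in Hanzo KMS and variables already in Octopus.
SOURCE = ["DB_PASSWORD", "API_TOKEN"]
DESTINATION = ["KMS_dev_DB_PASSWORD", "KMS_dev_OLD_KEY",
               "ManualConnectionString", "SlackWebhookUrl"]

if __name__ == "__main__":
    for label, kwargs in [
        ("no key schema", {}),
        ("prefixed schema", {"schema": "KMS_{{environment}}_{{secretKey}}"}),
        ("prefixed + deletion disabled",
         {"schema": "KMS_{{environment}}_{{secretKey}}", "disable_deletion": True}),
    ]:
        print(label, plan_sync(SOURCE, DESTINATION, **kwargs))
```

With the bare `{{secretKey}}` template every pre-existing variable falls inside the managed set, so manually created variables are removed; a prefixed schema narrows deletion to names the sync could have produced.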

To create an Octopus Deploy Sync, make an API request to the Create Octopus Deploy Sync API endpoint.
Sample request
curl --request POST \
  --url https://app.kms.hanzo.ai/api/v1/secret-syncs/octopus-deploy \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "my-octopus-deploy-sync",
    "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "description": "sync to octopus deploy project",
    "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "environment": "dev",
    "secretPath": "/",
    "isEnabled": true,
    "isAutoSyncEnabled": true,
    "syncOptions": {
      "initialSyncBehavior": "overwrite-destination",
      "disableSecretDeletion": false
    },
    "destinationConfig": {
      "spaceId": "Spaces-1",
      "scope": "project",
      "projectId": "Projects-123",
      "scopeValues": {
        "environments": ["Environments-1", "Environments-2"],
        "roles": ["web-server"],
        "channels": ["Channels-1"]
      }
    }
  }'

Sample response
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "name": "my-octopus-deploy-secret-sync",
  "description": null,
  "isAutoSyncEnabled": true,
  "version": 1,
  "projectId": "1e812ad3-e5df-4f1b-839d-13b4ef201840",
  "folderId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "createdAt": "2025-12-12T09:44:59.023Z",
  "updatedAt": "2025-12-12T09:44:59.023Z",
  "syncStatus": "succeeded",
  "lastSyncJobId": null,
  "lastSyncMessage": null,
  "lastSyncedAt": null,
  "importStatus": null,
  "lastImportJobId": null,
  "lastImportMessage": null,
  "lastImportedAt": null,
  "removeStatus": null,
  "lastRemoveJobId": null,
  "lastRemoveMessage": null,
  "lastRemovedAt": null,
  "syncOptions": {
    "initialSyncBehavior": "overwrite-destination",
    "disableSecretDeletion": false
  },
  "connection": {
    "app": "octopus-deploy",
    "name": "my-octopus-deploy-connection",
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
  },
  "environment": {
    "slug": "dev",
    "name": "Development",
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
  },
  "folder": {
    "id": "ad9c26ed-a7ee-41f4-b883-8dd25736052a",
    "path": "/"
  },
  "destination": "octopus-deploy",
  "destinationConfig": {
    "spaceId": "Spaces-1",
    "scope": "project",
    "projectId": "Projects-1",
    "scopeValues": {
      "environments": [
        "Environments-1",
        "Environments-2"
      ],
      "roles": [
        "sample-app-server"
      ],
      "machines": [
        "Machines-1",
        "Machines-2"
      ],
      "processes": [
        "Runbooks-1",
        "Runbooks-2"
      ],
      "actions": [
        "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "3c90c3cc-0d44-4b50-8888-8dd25736052a"
      ],
      "channels": [
        "Channels-2",
        "Channels-1"
      ]
    }
  }
}