Your Master Key
When an Octopus Server is installed, we generate a special key used for encryption, called the master key. The master key is then encrypted asymmetrically, using DPAPI, and stored in the Octopus configuration file.
When Octopus is installed, it generates a random string which will be used as the master key. You will need to know your master key if you ever hope to restore an Octopus backup on another server.
Getting the Key From the Octopus Manager
- Open the Octopus Manager from the start menu/start screen.
- Click View master key.
- Click Save to save the master key to a text file or Copy to clipboard and then paste the master key into a text editor or a secure enterprise password manager, and save it.
More about data encryption
A successful disaster recovery plan for Octopus Deploy requires the ability to restore both:
- The Octopus SQL Server database.
- The Octopus data stored on the file system.
Octopus SQL Database
Most of the data and settings managed by Octopus – the projects, environments, deployments and so on – are stored in a SQL Server database. You are responsible for maintaining your own backups of the SQL Server database. Refer to SQL Server documentation for more information on backing up SQL Server.
Octopus File Storage
In addition to the SQL Server database, some Octopus data is stored on the file system. This includes task logs that are generated whenever a job is run by the server, artifacts that have been collected during a deployment and packages stored in the Octopus built-in repository. These files are stored in the Octopus home directory that is configured when Octopus Server is installed (C:\Octopus by default). It is a good idea to do regular backups of your Octopus home directory.
Certain sensitive information in the Octopus database is encrypted. This information is encrypted using your Octopus Server “master key”, a randomly generated string. This master key will be needed if you ever plan to restore the database to a new server. You will be prompted for this key during the setup process when connecting to an existing database. If you have already setup the server you can change the master key so that it will work with the restored database.