How to Display Value of Sensitive Variable in Octopus Deploy

Sometimes you have a variable in Octopus Deploy which is marked as 'sensitive' and you can't see its value:

Octopus Sensitive Variables

And then you forget what it was and need to set it up somewhere else and start to wonder - how do I get this?

I wondered too and my first attempt to recover the password was to create a 'Run the script' Octopus Deploy step:

Write-Host ('The password is ' + $OctopusParameters['MySecretPassword'])

But when you execute it, Octopus masks it by showing you some beautiful stars:

Octopus Shows Stars

So I've changed it a little bit so the value printed on the screen was base64-encoded:

$base64password = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($OctopusParameters['MySecretPassword']))
Write-Host "The encoded password is $base64password"

This will produce line like this in an Octopus Log:

The encoded password is U3F1aXJyZWxzQXJlQXdlc29tZSEhIQ==

And now you can easily convert it back with PowerShell:

# This will tell you the secret password to the universe
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('U3F1aXJyZWxzQXJlQXdlc29tZSEhIQ=='))
Squirrelistic Ltd. Registered in England and Wales