120 votesEric Loveland commented
This was also suggested here: https://github.com/OctopusDeploy/Issues/issues/3093#issuecomment-275559590
I would like to see this implemented as an extensibility point however. Other secrets management systems such as Thycotic Secret Server, ManageEngine Password Manager, Square KeyWhiz and any variety of on-prem and cloud HSMszure are in use throughout our industry.
Initially I thought that this could be implemented via an Octostache extensibility point (a plugin that helps it fetch sensitive vars) but I realized this would not be compatible with offline deployments.
We have started this under https://github.com/OctopusDeploy/Issues/issues/4159 (subscribe to that for updated). Workers is also related to this (https://github.com/OctopusDeploy/Issues/issues/4158)