Octopus
Security
An agent triggering a workflow has real-world consequences — approvals, data writes, notifications. The ProcessPlugin enforces a workflow allowlist, tenant isolation, and audit logging at every integration point.
Workflow Access Policy
The WorkflowAccessPolicy controls which workflows any Octopus agent is permitted to trigger. Two modes are supported:
| Mode | Behaviour | Recommended For |
|---|---|---|
| Allowlist | Only workflows listed in AllowedWorkflows can be triggered | Production — always use allowlist mode |
| Open | Any workflow can be triggered — no restriction | Development/testing only — never in production |
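```csharp
// WorkflowAccessPolicy implementation
using System;
using System.Linq;

public class WorkflowAccessPolicy
{
    private readonly ProcessPluginConfig _config;

    public WorkflowAccessPolicy(ProcessPluginConfig config)
    {
        _config = config ?? throw new ArgumentNullException(nameof(config));
    }

    public bool IsAllowed(string workflowId)
    {
        // Open mode bypasses the allowlist entirely (development/testing only)
        if (_config.WorkflowAccessPolicy.Mode == "Open")
            return true;

        // Any other mode value falls through to the case-insensitive allowlist check
        return _config.WorkflowAccessPolicy.AllowedWorkflows
            .Contains(workflowId, StringComparer.OrdinalIgnoreCase);
    }
}
```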
Never use Open mode in production. Open mode allows any agent to trigger any workflow in your ProcessServer — including destructive or sensitive processes. Always configure an explicit AllowedWorkflows allowlist.
Tenant Isolation
All workflow trigger requests include the TenantId from the Octopus ITenantContext. The ProcessServer enforces that the calling tenant has permission to trigger the target workflow:
```csharp
// WorkflowTriggerService always stamps the tenant ID
var startRequest = new StartWorkflowRequest
{
    WorkflowId = workflowId,
    TenantId = _tenant.TenantId, // Always from ITenantContext — never from user input
    InitiatedBy = ctx.UserId,
    Inputs = inputs
};
// ProcessServer validates: does tenant TenantId own workflow WorkflowId?
// If not, returns 403 Forbidden
```
Audit Trail
Every agent-workflow interaction is recorded in a dedicated audit log:
```json
// Audit log entry stored in Octopus_ProcessAuditLog table
{
  "id": "audit-xyz",
  "timestamp": "2024-06-15T10:00:00Z",
  "tenant_id": "tenant-abc",
  "agent_id": "hr-assistant",
  "session_id": "sess-123",
  "user_id": "user-456",
  "workflow_id": "leave-approval-workflow",
  "execution_id": "exec-789",
  "action": "WorkflowTriggered",
  "inputs_summary": "{ employee_id: EMP-1234, days: 5 }",
  "outcome": "Completed",
  "elapsed_ms": 4250
}
```
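The audit log can also be used to confirm that the allowlist is actually being enforced, by reconciling recorded triggers against the configured AllowedWorkflows. The following is an added example, not Octopus code: the `reconcile` function, the sample rows, the `payroll-export-workflow` id and the required-field list are constructed for illustration, and it assumes the audit rows have been exported as JSON in the shape shown above.

```python
import json

# Constructed sample rows in the shape of the Octopus_ProcessAuditLog entry above.
SAMPLE_LOG = """[
 {"id": "audit-001", "tenant_id": "tenant-abc", "agent_id": "hr-assistant",
  "user_id": "user-456", "workflow_id": "leave-approval-workflow",
  "action": "WorkflowTriggered", "outcome": "Completed"},
 {"id": "audit-002", "tenant_id": "tenant-abc", "agent_id": "hr-assistant",
  "user_id": "user-456", "workflow_id": "Leave-Approval-Workflow",
  "action": "WorkflowTriggered", "outcome": "Completed"},
 {"id": "audit-003", "tenant_id": "tenant-abc", "agent_id": "hr-assistant",
  "user_id": "user-456", "workflow_id": "payroll-export-workflow",
  "action": "WorkflowTriggered", "outcome": "Completed"},
 {"id": "audit-004", "tenant_id": "tenant-abc", "agent_id": "hr-assistant",
  "user_id": "", "workflow_id": "leave-approval-workflow",
  "action": "WorkflowTriggered", "outcome": "Completed"}
]"""

# Assumption: every trigger record should carry these attribution fields.
REQUIRED_FIELDS = ("tenant_id", "agent_id", "user_id", "workflow_id")


def reconcile(entries, allowed_workflows):
    """Return (audit id, finding, detail) for triggers that contradict the policy."""
    # Case-insensitive match, like the comparison in IsAllowed
    allowed = {w.lower() for w in allowed_workflows}
    findings = []
    for entry in entries:
        if entry.get("action") != "WorkflowTriggered":
            continue
        missing = [f for f in REQUIRED_FIELDS if not entry.get(f)]
        if missing:
            findings.append((entry.get("id"), "incomplete_record", ",".join(missing)))
        workflow = entry.get("workflow_id") or ""
        # A trigger outside the allowlist suggests Open mode or an allowlist change
        if workflow and workflow.lower() not in allowed:
            findings.append((entry.get("id"), "outside_allowlist", workflow))
    return findings


if __name__ == "__main__":
    for finding in reconcile(json.loads(SAMPLE_LOG), ["leave-approval-workflow"]):
        print(finding)
```

Pass the same AllowedWorkflows values that are deployed in production; any `outside_allowlist` finding is worth reviewing with the workflow owner.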
Security Checklist
| Control | Required |
|---|---|
| WorkflowAccessPolicy.Mode = "Allowlist" in production | Required |
| AllowedWorkflows list reviewed by workflow owner | Required |
| ProcessServer API key stored in credential store (not appsettings) | Required |
| Audit log retained for compliance period | Required for regulated industries |
| HIL actor agent reviewed for correct decision criteria | Required before enabling HIL |
| Agent system prompt warns not to trigger workflows on insufficient user confirmation | Recommended |