Octopus Deploy is enhancing its security measures by transitioning to hashed and salted storage for API keys using PBKDF2, similar to its password security approach, to prevent unauthorized access and misuse. Previously, API keys were stored as plain text, a common practice across many web applications, posing a risk if database contents were accessed. Inspired by Amazon Web Services' recent security update, Octopus Deploy version 2.2 will only present API keys once upon generation, requiring users to securely store them independently. This update will also allow users to manage multiple API keys, deactivate compromised or redundant ones, and enhance auditing by recording authentication methods in audit events, ensuring better security and traceability.