@afaniuolo
Last active February 17, 2022 15:33
Sitecore 10 on AKS - Powershell script to populate secrets for Kubernetes deployment
<#
.SYNOPSIS
Generates new secrets for Sitecore K8s deployment
.DESCRIPTION
This Powershell script generates new secrets for a Sitecore K8s deployment.
This script requires the SitecoreInstallFramework module (see https://dev.sitecore.net/Downloads/Sitecore_Installation_Framework/2x/Sitecore_Installation_Framework_230.aspx).
This script needs to be executed from the root deployment folder of a specific topology.
.PARAMETER SitecoreLicensePath
Full path of the Sitecore license
.EXAMPLE
.\PopulateSecrets.ps1 -SitecoreLicensePath "C:\license\license.xml"
#>
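[CmdletBinding()]
Param (
    # Full path of the Sitecore license file; it is gzip+base64 encoded into .\secrets\sitecore-license.txt.
    [Parameter(Mandatory)]
    [ValidateScript({
        # -LiteralPath: a user-supplied path containing '[' or '*' must not be expanded as a wildcard
        # (with plain -Path such a path would fail the check even though the file exists).
        if (-Not (Test-Path -LiteralPath $_)) {
            throw "The file or folder $_ does not exist"
        }
        if (-Not (Test-Path -LiteralPath $_ -PathType Leaf)) {
            throw "The Path argument must be a file. Folder paths are not allowed."
        }
        return $true
    })]
    [string] $SitecoreLicensePath
)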
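Import-Module SitecoreInstallFramework

# Fail fast: a non-terminating error (for example a missing .\secrets folder) must not let the
# script run to the end and hand an incomplete set of secrets to the deployment.
$ErrorActionPreference = 'Stop'

# Expected SHA256 of the mkcert release binary downloaded below. Placeholder: fill in the value
# published for the release you pin to. Empty = the hash is only reported, not enforced.
$MkcertExpectedSha256 = ''

#region Helper functions
# Defined before their first use: PowerShell binds a function only when its definition statement
# has executed, so a function placed after its call site is "not recognized" at run time.

<#
.SYNOPSIS
Gzip-compresses a file and returns the result as a Base64 string.
.DESCRIPTION
Reads the file at -Path, compresses it with System.IO.Compression.GzipStream and Base64-encodes
the compressed bytes. Used to turn the Sitecore license into the sitecore-license.txt secret.
.PARAMETER Path
Path of the file to encode. Must exist and must be a file, not a folder.
.OUTPUTS
System.String - Base64 encoding of the gzip-compressed file content.
#>
function ConvertTo-CompressedBase64String {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)]
        [ValidateScript({
            # -LiteralPath: never treat '[' or '*' in a user-supplied path as a wildcard.
            if (-Not (Test-Path -LiteralPath $_)) {
                throw "The file or folder $_ does not exist"
            }
            if (-Not (Test-Path -LiteralPath $_ -PathType Leaf)) {
                throw "The Path argument must be a file. Folder paths are not allowed."
            }
            return $true
        })]
        [string] $Path
    )
    # .NET file APIs resolve relative paths against the process working directory, which is not
    # necessarily the PowerShell current location; resolve through the provider first.
    $fullPath = Convert-Path -LiteralPath $Path
    $fileBytes = [System.IO.File]::ReadAllBytes($fullPath)
    $memoryStream = New-Object System.IO.MemoryStream
    $gzipStream = New-Object System.IO.Compression.GzipStream $memoryStream, ([IO.Compression.CompressionMode]::Compress)
    try {
        $gzipStream.Write($fileBytes, 0, $fileBytes.Length)
        # The gzip trailer is only written on Close, so close before reading the buffer back.
        $gzipStream.Close()
        return [Convert]::ToBase64String($memoryStream.ToArray())
    }
    finally {
        # Dispose is safe after Close; finally also covers a failing Write/Close.
        $gzipStream.Dispose()
        $memoryStream.Dispose()
    }
}

<#
.SYNOPSIS
Fills every .\secrets file matching -Filter with a freshly generated random string.
.PARAMETER Filter
Get-ChildItem -Filter pattern selecting the secret files (e.g. *password.txt).
.PARAMETER Length
Length of the generated string.
.PARAMETER EnforceComplexity
Forwarded to Invoke-RandomStringConfigFunction (SitecoreInstallFramework).
.PARAMETER DisallowSpecial
Forwarded to Invoke-RandomStringConfigFunction (SitecoreInstallFramework).
#>
function Set-GeneratedSecret {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)] [string] $Filter,
        [Parameter(Mandatory)] [int] $Length,
        [switch] $EnforceComplexity,
        [switch] $DisallowSpecial
    )
    Get-ChildItem -Path ".\secrets" -Filter $Filter | ForEach-Object {
        # -NoNewline: a trailing newline would become part of the Kubernetes secret value.
        Invoke-RandomStringConfigFunction -Length $Length -EnforceComplexity:$EnforceComplexity -DisallowSpecial:$DisallowSpecial |
            Set-Content -LiteralPath $_.FullName -NoNewline
    }
}

<#
.SYNOPSIS
Throws when the last native command (mkcert) exited with a non-zero code.
.PARAMETER What
Description of the command, used in the error message.
#>
function Assert-NativeSuccess {
    Param ([Parameter(Mandatory)] [string] $What)
    # $ErrorActionPreference does not apply to native executables; check the exit code explicitly.
    if ($LASTEXITCODE -ne 0) {
        throw "$What failed with exit code $LASTEXITCODE"
    }
}
#endregion

# Create complex passwords in secrets.
# *password.txt also matches sitecore-identitycertificatepassword.txt, which the certificate
# export below reads back, so this step must run before the certificate is created.
Write-Host "Creating and storing passwords in secrets..."
Set-GeneratedSecret -Filter '*password.txt' -Length 20 -EnforceComplexity -DisallowSpecial
Set-GeneratedSecret -Filter '*telerikencryptionkey.txt' -Length 100 -DisallowSpecial
Set-GeneratedSecret -Filter '*identitysecret.txt' -Length 64 -DisallowSpecial
Set-GeneratedSecret -Filter '*reportingapikey.txt' -Length 100 -DisallowSpecial
Set-GeneratedSecret -Filter '*media-request-protection-shared-secret.txt' -Length 64

Write-Host "Converting and storing Sitecore license in secret..."
# -Confirm: prompts before the secret file is (over)written.
ConvertTo-CompressedBase64String -Path $SitecoreLicensePath |
    Out-File -Encoding ascii -NoNewline -Confirm -FilePath .\secrets\sitecore-license.txt

Write-Host "Creating the Identity Server token signing certificate and storing it in secret..."
# Password generated by the *password.txt step above (written without a trailing newline).
$certificatePassword = Get-Content -LiteralPath .\secrets\sitecore-identitycertificatepassword.txt
$newCert = New-SelfSignedCertificate -DnsName "localhost" -FriendlyName "Sitecore Identity Token Signing" -NotAfter (Get-Date).AddYears(5)
# Absolute path: the .NET ReadAllBytes call below must not depend on the process working directory.
$pfxPath = Join-Path -Path (Get-Location).Path -ChildPath "SitecoreIdentityTokenSigning.pfx"
$pfxPassword = ConvertTo-SecureString -String $certificatePassword -Force -AsPlainText
Export-PfxCertificate -Cert $newCert -FilePath $pfxPath -Password $pfxPassword
# NOTE: the .pfx (and its password under .\secrets) stay on disk in the deployment folder;
# remove them once the secret has been applied if this folder is shared or versioned.
[System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfxPath)) |
    Out-File -Encoding ascii -NoNewline -Confirm -FilePath .\secrets\sitecore-identitycertificate.txt

$mkcert = ".\mkcert.exe"
$mkcertUrl = "https://github.com/FiloSottile/mkcert/releases/download/v1.4.1/mkcert-v1.4.1-windows-amd64.exe"
if (-not (Test-Path -LiteralPath $mkcert)) {
    Invoke-WebRequest -Uri $mkcertUrl -UseBasicParsing -OutFile $mkcert
}
# mkcert -install adds a new root CA to the local trust store, so the binary is verified against a
# pinned hash before it is executed; a pre-existing .\mkcert.exe is checked the same way.
$mkcertHash = (Get-FileHash -LiteralPath $mkcert -Algorithm SHA256).Hash
if ([string]::IsNullOrEmpty($MkcertExpectedSha256)) {
    Write-Warning "mkcert.exe was not verified against a pinned SHA256 (actual: $mkcertHash). Set `$MkcertExpectedSha256 to enforce the check."
} elseif ($mkcertHash -ne $MkcertExpectedSha256) {
    throw "mkcert.exe SHA256 mismatch: expected $MkcertExpectedSha256, got $mkcertHash"
}

Write-Host "Creating TLS/HTTPS certificates..."
& $mkcert -install
Assert-NativeSuccess -What "mkcert -install"
# Folder under secrets\tls -> host name on the certificate; [ordered] keeps the original sequence.
$tlsCertificates = [ordered]@{
    'global-cm' = 'cm.globalhost'
    'global-cd' = 'cd.globalhost'
    'global-id' = 'id.globalhost'
}
foreach ($entry in $tlsCertificates.GetEnumerator()) {
    $tlsDir = Join-Path -Path 'secrets\tls' -ChildPath $entry.Key
    & $mkcert -cert-file (Join-Path -Path $tlsDir -ChildPath 'tls.crt') -key-file (Join-Path -Path $tlsDir -ChildPath 'tls.key') $entry.Value
    Assert-NativeSuccess -What "mkcert for $($entry.Value)"
}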