Sitecore 10 on AKS - PowerShell script to populate secrets for Kubernetes deployment
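<#
.SYNOPSIS
Generates new secrets for Sitecore K8s deployment
.DESCRIPTION
This PowerShell script generates new secrets for a Sitecore K8s deployment.
This script requires the SitecoreInstallFramework module (see https://dev.sitecore.net/Downloads/Sitecore_Installation_Framework/2x/Sitecore_Installation_Framework_230.aspx).
This script needs to be executed from the root deployment folder of a specific topology.
Side effects: overwrites the *.txt files under .\secrets, creates .\SitecoreIdentityTokenSigning.pfx,
adds a self-signed certificate to the current user's certificate store, downloads mkcert.exe into
the current folder if it is missing, and installs the mkcert local CA into the trust store (-install).
.PARAMETER SitecoreLicensePath
Full path of the Sitecore license
.EXAMPLE
.\PopulateSecrets.ps1 -SitecoreLicensePath "C:\license\license.xml"
#>
[CmdletBinding()]
Param (
    [Parameter(Mandatory)]
    [ValidateScript({
        if (-Not ($_ | Test-Path)) {
            throw "The file or folder $_ does not exist"
        }
        if (-Not ($_ | Test-Path -PathType Leaf)) {
            throw "The Path argument must be a file. Folder paths are not allowed."
        }
        return $true
    })]
    [string] $SitecoreLicensePath
)

<#
.SYNOPSIS
Gzip-compresses a file and returns the compressed bytes as a Base64 string.
.DESCRIPTION
Used to turn the Sitecore license XML into the compressed/encoded form stored in the
sitecore-license secret. Defined before the script body because PowerShell only
registers a script-level function once the 'function' statement has executed:
calling it before its definition fails with "not recognized".
.PARAMETER Path
Full path of the file to compress. Must exist and must be a file, not a folder.
.OUTPUTS
System.String - Base64 encoding of the gzip-compressed file contents.
#>
function ConvertTo-CompressedBase64String {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)]
        [ValidateScript({
            if (-Not ($_ | Test-Path)) {
                throw "The file or folder $_ does not exist"
            }
            if (-Not ($_ | Test-Path -PathType Leaf)) {
                throw "The Path argument must be a file. Folder paths are not allowed."
            }
            return $true
        })]
        [string] $Path
    )
    $fileBytes = [System.IO.File]::ReadAllBytes($Path)
    [System.IO.MemoryStream] $memoryStream = New-Object System.IO.MemoryStream
    $gzipStream = New-Object System.IO.Compression.GzipStream $memoryStream, ([IO.Compression.CompressionMode]::Compress)
    try {
        $gzipStream.Write($fileBytes, 0, $fileBytes.Length)
    }
    finally {
        # Disposing the gzip stream flushes the gzip trailer into the memory stream
        # and (leaveOpen is false) closes the memory stream as well; ToArray() still
        # works on a closed MemoryStream.
        $gzipStream.Dispose()
    }
    $compressedFileBytes = $memoryStream.ToArray()
    $memoryStream.Dispose()
    return [Convert]::ToBase64String($compressedFileBytes)
}

Import-Module SitecoreInstallFramework

# Create complex passwords in secrets. Every *password.txt under .\secrets is overwritten,
# including sitecore-identitycertificatepassword.txt, which is read back below.
Write-Host "Creating and storing passwords in secrets..."
Get-ChildItem ".\secrets" -Filter *password.txt | Foreach-Object {
    Invoke-RandomStringConfigFunction -Length 20 -EnforceComplexity | Set-Content $_.FullName -NoNewline
}
Get-ChildItem ".\secrets" -Filter *telerikencryptionkey.txt | Foreach-Object {
    Invoke-RandomStringConfigFunction -Length 100 -DisallowSpecial | Set-Content $_.FullName -NoNewline
}
Get-ChildItem ".\secrets" -Filter *identitysecret.txt | Foreach-Object {
    Invoke-RandomStringConfigFunction -Length 64 -DisallowSpecial | Set-Content $_.FullName -NoNewline
}
Get-ChildItem ".\secrets" -Filter *reportingapikey.txt | Foreach-Object {
    Invoke-RandomStringConfigFunction -Length 100 -DisallowSpecial | Set-Content $_.FullName -NoNewline
}
Get-ChildItem ".\secrets" -Filter *media-request-protection-shared-secret.txt | Foreach-Object {
    Invoke-RandomStringConfigFunction -Length 64 | Set-Content $_.FullName -NoNewline
}

Write-Host "Converting and storing Sitecore license in secret..."
# -Confirm prompts before the secret file is (over)written.
ConvertTo-CompressedBase64String -Path $SitecoreLicensePath | Out-File -Encoding ascii -NoNewline -Confirm -FilePath .\secrets\sitecore-license.txt

Write-Host "Creating the Identity Server token signing certificate and storing it in secret..."
# The PFX password is the value generated into sitecore-identitycertificatepassword.txt above.
$certificatePassword = Get-Item -Path .\secrets\sitecore-identitycertificatepassword.txt | Get-Content
# New-SelfSignedCertificate stores the certificate (with private key) in the current user's
# personal store; it is not removed afterwards, and the exported .pfx stays in the working
# directory next to the secrets folder - both hold the private key, handle them accordingly.
$newCert = New-SelfSignedCertificate -DnsName "localhost" -FriendlyName "Sitecore Identity Token Signing" -NotAfter (Get-Date).AddYears(5)
Export-PfxCertificate -Cert $newCert -FilePath .\SitecoreIdentityTokenSigning.pfx -Password (ConvertTo-SecureString -String $certificatePassword -Force -AsPlainText)
[System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes((Get-Item .\SitecoreIdentityTokenSigning.pfx))) | Out-File -Encoding ascii -NoNewline -Confirm -FilePath .\secrets\sitecore-identitycertificate.txt

$mkcert = ".\mkcert.exe"
if (-not (Test-Path $mkcert)) {
    # The binary is fetched over HTTPS from a pinned release tag but its integrity is not
    # verified before it is executed below. Compare Get-FileHash of the download against
    # the published release checksum (e.g. a $expectedMkcertSha256 value taken from the
    # release page - placeholder, not provided here) before trusting it.
    Invoke-WebRequest https://github.com/FiloSottile/mkcert/releases/download/v1.4.1/mkcert-v1.4.1-windows-amd64.exe -UseBasicParsing -OutFile mkcert.exe
}

Write-Host "Creating TLS/HTTPS certificates..."
# -install adds the mkcert local CA to the machine's trust stores; anything signed with that
# CA is then trusted on this host, so run it only on development/build machines.
& $mkcert -install
& $mkcert -cert-file secrets\tls\global-cm\tls.crt -key-file secrets\tls\global-cm\tls.key "cm.globalhost"
& $mkcert -cert-file secrets\tls\global-cd\tls.crt -key-file secrets\tls\global-cd\tls.key "cd.globalhost"
& $mkcert -cert-file secrets\tls\global-id\tls.crt -key-file secrets\tls\global-id\tls.key "id.globalhost"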