Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Sitecore 10 on AKS - Powershell script to populate secrets for Kubernetes deployment
<#
.SYNOPSIS
Generates new secrets for Sitecore K8s deployment
.DESCRIPTION
This Powershell script generates new secrets for a Sitecore K8s deployment.
This script requires the SitecoreInstallFramework module (see https://dev.sitecore.net/Downloads/Sitecore_Installation_Framework/2x/Sitecore_Installation_Framework_230.aspx).
This script needs to be executed from the root deployment folder of a specific topology.
.PARAMETER SitecoreLicensePath
Full path of the Sitecore license
.EXAMPLE
.\PopulateSecrets.ps1 -SitecoreLicensePath "C:\license\license.xml"
#>
[CmdletBinding()]
Param (
[Parameter(Mandatory)]
[ValidateScript(
{ if (-Not ($_ | Test-Path) )
{ throw "The file or folder $_ does not exist" }
if (-Not ($_ | Test-Path -PathType Leaf) )
{ throw "The Path argument must be a file. Folder paths are not allowed." } return $true })]
[string] $SitecoreLicensePath
)
Import-Module SitecoreInstallFramework
# Create complex passwords in secrets
Write-Host "Creating and storing passwords in secrets..."
Get-ChildItem ".\secrets" -Filter *password.txt |
Foreach-Object {
Invoke-RandomStringConfigFunction -Length 20 -EnforceComplexity | Set-Content $_.FullName -NoNewline
}
Get-ChildItem ".\secrets" -Filter *telerikencryptionkey.txt | Foreach-Object {
Invoke-RandomStringConfigFunction -Length 100 -DisallowSpecial | Set-Content $_.FullName -NoNewline
}
Get-ChildItem ".\secrets" -Filter *identitysecret.txt | Foreach-Object {
Invoke-RandomStringConfigFunction -Length 64 -DisallowSpecial | Set-Content $_.FullName -NoNewline
}
Get-ChildItem ".\secrets" -Filter *reportingapikey.txt | Foreach-Object {
Invoke-RandomStringConfigFunction -Length 100 -DisallowSpecial | Set-Content $_.FullName -NoNewline
}
Get-ChildItem ".\secrets" -Filter *media-request-protection-shared-secret.txt | Foreach-Object {
Invoke-RandomStringConfigFunction -Length 64 | Set-Content $_.FullName -NoNewline
}
Write-Host "Converting and storing Sitecore license in secret..."
ConvertTo-CompressedBase64String -Path $SitecoreLicensePath | Out-File -Encoding ascii -NoNewline -Confirm -FilePath .\secrets\sitecore-license.txt
Write-Host "Creating the Identity Server token signing certificate and storing it in secret..."
$certificatePassword = Get-Item -Path .\secrets\sitecore-identitycertificatepassword.txt | Get-Content
$newCert = New-SelfSignedCertificate -DnsName "localhost" -FriendlyName "Sitecore Identity Token Signing" -NotAfter (Get-Date).AddYears(5)
Export-PfxCertificate -Cert $newCert -FilePath .\SitecoreIdentityTokenSigning.pfx -Password (ConvertTo-SecureString -String $certificatePassword -Force -AsPlainText)
[System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes((Get-Item .\SitecoreIdentityTokenSigning.pfx))) | Out-File -Encoding ascii -NoNewline -Confirm -FilePath .\secrets\sitecore-identitycertificate.txt
$mkcert = ".\mkcert.exe"
if (-not (Test-Path $mkcert)) {
Invoke-WebRequest https://github.com/FiloSottile/mkcert/releases/download/v1.4.1/mkcert-v1.4.1-windows-amd64.exe -UseBasicParsing -OutFile mkcert.exe
}
Write-Host "Creating TLS/HTTPS certificates..."
& $mkcert -install
& $mkcert -cert-file secrets\tls\global-cm\tls.crt -key-file secrets\tls\global-cm\tls.key "cm.globalhost"
& $mkcert -cert-file secrets\tls\global-cd\tls.crt -key-file secrets\tls\global-cd\tls.key "cd.globalhost"
& $mkcert -cert-file secrets\tls\global-id\tls.crt -key-file secrets\tls\global-id\tls.key "id.globalhost"
function ConvertTo-CompressedBase64String {
[CmdletBinding()]
Param (
[Parameter(Mandatory)]
[ValidateScript(
{ if (-Not ($_ | Test-Path) )
{ throw "The file or folder $_ does not exist" }
if (-Not ($_ | Test-Path -PathType Leaf) )
{ throw "The Path argument must be a file. Folder paths are not allowed." } return $true })]
[string] $Path
)
$fileBytes = [System.IO.File]::ReadAllBytes($Path)
[System.IO.MemoryStream] $memoryStream = New-Object System.IO.MemoryStream
$gzipStream = New-Object System.IO.Compression.GzipStream $memoryStream, ([IO.Compression.CompressionMode]::Compress) $gzipStream.Write($fileBytes, 0, $fileBytes.Length)
$gzipStream.Close()
$memoryStream.Close()
$compressedFileBytes = $memoryStream.ToArray()
$encodedCompressedFileData = [Convert]::ToBase64String($compressedFileBytes)
$gzipStream.Dispose()
$memoryStream.Dispose()
return $encodedCompressedFileData
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment