Last active
August 29, 2017 15:54
Secure Sitecore ConnectionStrings using aspnet_regiis (see https://grantkillian.wordpress.com/2017/08/29/encrypting-sitecore-connection-strings-for-sitecore-commerce-azure-sql-and-beyond/ for more context)
<#
Note:
- The encryption is specific to each server, so this needs to be run separately on every IIS server
- ASPNet_RegIIS requires a web.config file to operate, so we have to massage our Sitecore .config into a web.config format it will understand
Steps:
1) Copy the current connectionStrings.config to a file named "web.config"
2) Insert a <configuration> node surrounding the <connectionStrings> XML
3) Run this new web.config file through aspNet_RegIIS...
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "S:\Sitecore\TEST-CMS\website\App_Config"
4) Take the contents of the -- now encrypted -- web.config file, pull the information within the
<connectionStrings>...</connectionStrings> nodes, and overwrite what's currently in connectionStrings.config
#>
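# Encrypts the <connectionStrings> section of Sitecore's connectionStrings.config in place.
# aspnet_regiis is pointed at a directory and works on the web.config inside it, so the section
# is wrapped in a temporary web.config with a <configuration> root, encrypted there, unwrapped
# again and written back over connectionStrings.config.
#
# Scope of the protection: the encrypted section can be turned back into plain text by running
# "aspnet_regiis -pdf" on the server that encrypted it. It therefore protects copies of the file
# that leave the server (backups, file shares, source control), not an account that already has
# sufficient rights on this server.
# NOTE(review): the application pool identity presumably needs read access to the key used by
# the protection provider before the site can decrypt at runtime - confirm on your servers.
$configLocation = "S:\Sitecore\website\App_Config"
$sourceConfig = Join-Path $configLocation "connectionStrings.config"
$tempWebConfig = Join-Path $configLocation "web.config"
$aspnetRegIis = "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

#this is here only in case you want a back-up, but don't blindly leave a back-up around or it defeats the purpose of encrypting
#Copy-Item -Path ($configLocation + "\connectionStrings.config") -Destination ($configLocation + "\connectionStrings.PlainText.backup")

# The temporary file is created and later deleted under this exact name, so refuse to run
# if a real web.config is already present instead of overwriting and then removing it.
if (Test-Path -LiteralPath $tempWebConfig) {
    throw "$tempWebConfig already exists; move it aside before running this script."
}

try {
    # Read the file as one string so the tag replacements do not depend on line breaks.
    $plainConnectionStrings = Get-Content -LiteralPath $sourceConfig -Raw

    # Only a bare <connectionStrings> tag can be wrapped. A tag that carries attributes
    # (which is what an already-encrypted file appears to have) would yield a web.config
    # with a closing </configuration> and no opening one.
    if (-not $plainConnectionStrings.Contains('<connectionStrings>')) {
        throw "No bare <connectionStrings> tag found in $sourceConfig (already encrypted?)."
    }

    $wrapped = $plainConnectionStrings.Replace('</connectionStrings>', '</connectionStrings></configuration>')
    $wrapped = $wrapped.Replace('<connectionStrings>', '<configuration><connectionStrings>')
    Set-Content -LiteralPath $tempWebConfig -Value $wrapped

    #Encrypt
    & $aspnetRegIis -pef "connectionStrings" $configLocation
    # Without this check a failed run would copy the plain text back and still report success.
    if ($LASTEXITCODE -ne 0) {
        throw "aspnet_regiis exited with code $LASTEXITCODE; $sourceConfig was left unchanged."
    }

    $encryptedString = Get-Content -LiteralPath $tempWebConfig -Raw
    # An encrypted section names its protection provider on the <connectionStrings> tag;
    # if that marker is missing, do not write the content back as though it were encrypted.
    if (-not $encryptedString.Contains('configProtectionProvider')) {
        throw "web.config does not look encrypted after aspnet_regiis; $sourceConfig was left unchanged."
    }

    # Strip the temporary <configuration> wrapper. The opening tag is matched without '>'
    # because the encrypted tag now carries attributes.
    $encryptedString = $encryptedString.Replace('</connectionStrings></configuration>', '</connectionStrings>')
    $encryptedString = $encryptedString.Replace('<configuration><connectionStrings', '<connectionStrings')

    #this is now our XML to inject into the Sitecore connectionStrings.config
    Set-Content -LiteralPath $sourceConfig -Value $encryptedString
    Write-Host "$sourceConfig is now encrypted" -ForegroundColor Magenta
}
finally {
    # Until aspnet_regiis succeeds the temporary web.config holds the plain-text connection
    # strings, so remove it on every exit path, including failures.
    if (Test-Path -LiteralPath $tempWebConfig) {
        Remove-Item -LiteralPath $tempWebConfig
    }
}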
######################################################################## | |
# To un-encrypt, run the following from the machine that performed the encryption. The connection strings will be revealed in plain text in a new web.config file, so delete that file as soon as you are done with it.
<# | |
$configLocation = "S:\Sitecore\website\App_Config" | |
Copy-Item -Path ($configLocation + "\connectionStrings.config") -Destination ($configLocation + "\web.config") | |
$plainConnectionStrings = Get-Content ($configLocation + "\web.config") | |
$plainConnectionStrings.replace('</connectionStrings>', '</connectionStrings></configuration>') | Set-Content ($configLocation + "\web.config") | |
$plainConnectionStrings = Get-Content ($configLocation + "\web.config") | |
$plainConnectionStrings.replace('<connectionStrings', '<configuration><connectionStrings') | Set-Content ($configLocation + "\web.config") | |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" $configLocation | |
Write-Host "Check $configLocation\web.config for the plain text configuration" -ForegroundColor Magenta | |
#> |