Jeremy Davis
Jeremy Davis
Sitecore, C# and web development
Article printed from: https://blog.jermdavis.dev/posts/2019/logging-generated-passwords-in-sif

Logging generated passwords in SIF

Published 24 June 2019

I've been looking at adjusting SIF scripts for a production deployment recently, and realised that sometimes you'd like SIF to generate random passwords for you, but you need them logged so you can reuse them in scripts you're crafting for other roles. It doesn't do that out of the box, but it turns out it's actually quite simple:

The default configuration for XPx-SingleDeveloper.json includes a task that generates a set of random passwords (and some other stuff) for you:

    "Tasks": {
        "GeneratePasswords": {
            "Description": "Generates all shared passwords and secrets.",
            "Type": "SetVariable",
            "Params": {
                "Name": "XP1Passwords",
                "Scope": "Global",
                "Value":  [
                    /* Other generation tasks... */

                    {"SqlCorePassword":                "[variable('SqlCore.Password')]"},

                    /* Other generation tasks... */
                ]
            }
        }
    }

					

And if you're feeling too lazy to generate all these things yourself, it seems sensible to reuse this in scripts where everything's not on the same box...

It squirrels all these values away into variables, so that they can be reused for all the included tasks that set up all the roles – but it doesn't seem to record them anywhere else. That's entirely sensible from a security perspective – but that's of no help if you're going to have to take the Content Delivery .json over to another server and run it there. (Yes, I know SIF v2 supports remoting - but so far I've yet to meet a client that actually allows that on their production servers)

But it turns out that it's actually very simple to get SIF to log something for you. There are two things to do:

First, you need to ensure that you've registered the WriteInformation task, which enables logging. Depending on what file you're starting from, this might be done already – but what you need is to ensure that task is added to the /Register/Tasks block:

    "Register": {
        "Tasks": {
            "SetVariable": "Set-Variable",
            "WriteInformation": "Write-Information"
        }
    },

					

With that done, you can now add your own tasks to output whatever generated values you're after. So after the generation block in /Tasks above, you might add:

    "Tasks": {

        /* Whatever generation tasks you need */

        "DisplaySqlCorePassword": {
            "Description": "Displays the Sql Core DB password.",
            "Type": "WriteInformation",
            "Params": {
                "MessageData": "[concat('Sql Core DB Password: ',variable('SqlCore.Password'))]",
                "InformationAction": "Continue"
            }
        }
    }

					

in order to get the password generated for the Core database. And you can add more of these to write out whatever passwords you need to reuse:

SIF Logged Data

That's just binding a task based on WriteInformation which outputs the string defined by MessageData. So you can construct more complex messages if you want, too.

Just remember not to leave log files lying around with these values in them...

↑ Back to top