This step 3 of 10 in the post-serie “How-To: How installing a secure Service Azure Fabric Cluster (ASF) with Azure Resource Management (ARM) Template”. In this step we generate encrypted value of the appkey, we generated in the previous step. For the generation of the encrypted value, one of the certificates we created in the first step will be used. The encrypted value will be used later on in the CI/CD pipeline.
Overview of the steps | ||
---|---|---|
01. | Create and import the certificates | |
02. | Register SF Application in AAD and create AppKey | |
03. | [CURRENT] Generate encrypted AppKey | |
04. | Lookup the service principles | |
05. | Create the Key Vaults with ARM | |
06. | Adjust the SF Application settings | |
07. | Upload certificates to Key Vault | |
08. | Register the Service Fabric System Applications | |
09. | Install SF Cluster with ARM | |
10. | Coming Soon! |
Step 03: Generate encrypted AppKey
For every SF application which is created in the previous step you have created an AppKey. This AppKey needs to be encrypted and will be an input parameter for the Release task in Visual Studio Team Services (VSTS).
To make encryption possible it is necessary that you have imported the Data Encipherment certificate. Lookup the thumbprint of the Data Encipherment certificate, you can do that by opening MMC and then add snapin ‘Certificates’ and choose Computer Account, find the certificate and double click.
Double click on Thumbprint. In the bottom screen copy the text. Remember/Write down the Thumbprint.
When you have not installed the Service Fabric Powershell modules, please do so, see https://docs.microsoft.com/en-us/powershell/azure/service-fabric/overview?view=azureservicefabricps
Open powershell and execute the following command:
Invoke-ServiceFabricEncryptText -CertStore -CertThumbprint '<THUMBPRINT>' -Text '<APPKEY>' -StoreLocation CurrentUser -StoreName My
Watch the single quotes instead of the double quotes, I was struggling with it before I got it working. The result of the command will look like:
Copy the result of the command and paste it in notepad and remove the CRLF, so that it will become a one line string and remember it. Repeat this paragraph for every application you have created in AAD.
Next step: Step 04 – Lookup the service principles