How-To: Serie Deploy Secure ASF with ARM – Step 03 – Generate encrypted AppKey

This step 3 of 10 in the post-serie “How-To: How installing a secure Service Azure Fabric Cluster (ASF) with Azure Resource Management (ARM) Template”. In this step we generate encrypted value of the appkey, we generated in the previous step. For the generation of the encrypted value, one of the certificates we created in the first step will be used. The encrypted value will be used later on in the CI/CD pipeline.

Step 03: Generate encrypted AppKey

For every SF application which is created in the previous step you have created an AppKey. This AppKey needs to be encrypted and will be an input parameter for the Release task in Visual Studio Team Services (VSTS).

To make encryption possible it is necessary that you have imported the Data Encipherment certificate. Lookup the thumbprint of the Data Encipherment certificate, you can do that by opening MMC and then add snapin ‘Certificates’ and choose Computer Account, find the certificate and double click.

Double click on Thumbprint. In the bottom screen copy the text. Remember/Write down the Thumbprint.

When you have not installed the Service Fabric Powershell modules, please do so, see https://docs.microsoft.com/en-us/powershell/azure/service-fabric/overview?view=azureservicefabricps

Open powershell and execute the following command:

Invoke-ServiceFabricEncryptText -CertStore -CertThumbprint '<THUMBPRINT>' -Text '<APPKEY>' -StoreLocation CurrentUser -StoreName My

Watch the single quotes instead of the double quotes, I was struggling with it before I got it working. The result of the command will look like:

Copy the result of the command and paste it in notepad and remove the CRLF, so that it will become a one line string and remember it. Repeat this paragraph for every application you have created in AAD.

Next step: Step 04 – Lookup the service principles