Jeremy Davis

Originally published at blog.jermdavis.dev

Logging generated passwords in SIF

I’ve been looking at adjusting SIF scripts for a production deployment recently, and realised that sometimes you’d like SIF to generate random passwords for you, but you need them logged so you can reuse them in scripts you’re crafting for other roles. It doesn’t do that out of the box, but it turns out it’s actually quite simple:

The default configuration for “XPx-SingleDeveloper.json” includes a task that generates a set of random passwords (and some other stuff) for you:

    "Tasks": {
        "GeneratePasswords": {
            "Description": "Generates all shared passwords and secrets.",
            "Type": "SetVariable",
            "Params": {
                "Name": "XP1Passwords",
                "Scope": "Global",
                "Value":  [
                    /* Other generation tasks... */

                    {"SqlCorePassword":                "[variable('SqlCore.Password')]"},

                    /* Other generation tasks... */
                ]
            }
        }
    }

And if you’re feeling too lazy to generate all these things yourself, it seems sensible to reuse this in scripts where everything’s not on the same box…

It squirrels all these values away into variables, so that they can be reused for all the included tasks that set up all the roles – but it doesn’t seem to record them anywhere else. That’s entirely sensible from a security perspective – but that’s of no help if you’re going to have to take the Content Delivery .json over to another server and run it there. (Yes, I know SIF v2 supports remoting – but so far I’ve yet to meet a client that actually allows that on their production servers.)

But it turns out that it’s actually very simple to get SIF to log something for you. There are two things to do:

First, you need to ensure that you’ve registered the “WriteInformation” task, which enables logging. Depending on what file you’re starting from, this might be done already – but what you need is to ensure that task is added to the “/Register/Tasks” block:

    "Register": {
        "Tasks": {
            "SetVariable": "Set-Variable",
            "WriteInformation": "Write-Information"
        }
    },

With that done, you can now add your own tasks to output whatever generated values you’re after. So after the generation block in “/Tasks” above, you might add:

    "Tasks": {

        /* Whatever generation tasks you need */

        "DisplaySqlCorePassword": {
            "Description": "Displays the Sql Core DB password.",
            "Type": "WriteInformation",
            "Params": {
                "MessageData": "[concat('Sql Core DB Password: ',variable('SqlCore.Password'))]",
                "InformationAction": "Continue"
            }
        }
    }

in order to get the password generated for the Core database. And you can add more of these to write out whatever passwords you need to reuse.

That’s just binding a task based on “WriteInformation” which outputs the string defined by “MessageData”. So you can construct more complex messages if you want, too.

Just remember not to leave log files lying around with these values in them…
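One way to act on that reminder once the values have been copied somewhere safe, as an added example that is not from the original post or from SIF itself: a PowerShell function that masks anything following a `Password:` label in log files. The function name, its parameters, the assumption that every secret is logged with a label ending in `Password:`, and the sample log lines are all constructed for illustration; where your SIF run writes its log is something to confirm on your own box.

```powershell
# Added example, not part of SIF. Names and sample data are hypothetical.
function Protect-SifLogSecret {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # One or more log files (wildcards allowed). The location of the
        # SIF log is an assumption you must check for your installation.
        [Parameter(Mandatory)] [string[]] $Path,
        # Matches the label used in the WriteInformation task's MessageData
        # and everything after it on the same line.
        [string] $Pattern = '(?i)(Password:\s*)\S.*$',
        [string] $Mask = '[REDACTED]'
    )
    foreach ($file in Get-ChildItem -Path $Path -File) {
        $hits  = 0
        $lines = @(Get-Content -LiteralPath $file.FullName)
        $clean = foreach ($line in $lines) {
            if ($line -match $Pattern) {
                $hits++
                # Keep the label (group 1), replace the secret with the mask.
                $line -replace $Pattern, ('${1}' + $Mask)
            }
            else { $line }
        }
        # Only rewrite files that contained a secret; honours -WhatIf.
        if ($hits -gt 0 -and
            $PSCmdlet.ShouldProcess($file.FullName, "Redact $hits line(s)")) {
            Set-Content -LiteralPath $file.FullName -Value $clean -Encoding UTF8
        }
        [pscustomobject]@{ File = $file.FullName; RedactedLines = $hits }
    }
}

# Constructed sample log standing in for the output of a real SIF run.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'sif-sample.log'
@(
    'DisplaySqlCorePassword : WriteInformation (constructed line)'
    'Sql Core DB Password: Ex4mple-N0t-Real'
    'CreatePaths : EnsurePath (constructed line)'
) | Set-Content -LiteralPath $sample

Protect-SifLogSecret -Path $sample   # reports RedactedLines = 1
Get-Content -LiteralPath $sample     # second line now ends in [REDACTED]
```

Run it with `-WhatIf` first to see which files would be rewritten without changing them.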
