Use System Environment Variables to store Passwords - Esri/arcgis-powershell-dsc GitHub Wiki
Overview
Storing passwords in System Environment variables was introduced in PowerShell DSC ArcGIS Module 4.3.0. This functionality can help provide a secure method of storing passwords on the local machines as environment variables instead of generating encrypted password files or specifying the passwords as plain text in the JSON configuration file. For more information on these attributes, please visit the variables reference page
Prepare the Orchestration Machine
-
Create system environment variables on the orchestration node for each password that will need to be stored. The system environment variables only need to be added to the orchestration node, not all nodes participating in the deployment.
Note: The name of the system environment variable can be set to any value, so long as the variable is not already being used elsewhere.
- PowerShell can be used to create these system environment variables using the following command. Replace
SYSTEM_ENVIRONMENT_VARIABLE_NAMEandpasswordwith your desired environment variable name and password value.[Environment]::SetEnvironmentVariable("SYSTEM_ENVIRONMENT_VARIABLE_NAME", "password", "Machine")
- PowerShell can be used to create these system environment variables using the following command. Replace
-
Replace password attribute(s) in JSON configuration file using the following replacement pattern(s):
- AllNodes.ServerLicensePassword -> AllNodes.ServerLicensePasswordEnvironmentVariableName
- AllNodes.GeoEventServerLicensePassword -> AllNodes.GeoEventServerLicensePasswordEnvironmentVariableName
- AllNodes.WorkflowManagerServerLicensePassword -> AllNodes.WorkflowManagerServerLicensePasswordEnvironmentVariableName
- AllNodes.ProLicensePassword -> AllNodes.ProLicensePasswordEnvironmentVariableName
- AllNodes.SslCertificates.Password -> AllNodes.SslCertificates.PasswordEnvironmentVariableName
- ConfigData.ServiceAccount.Password -> ConfigData.ServiceAccount.PasswordEnvironmentVariableName
- ConfigData.AGOCredential.Password -> ConfigData.AGOCredential.PasswordEnvironmentVariableName
- ConfigData.ADServiceUser.Password -> ConfigData.ADServiceUser.PasswordEnvironmentVariableName
- ConfigData.Server.LicensePassword -> ConfigData.Server.LicensePasswordEnvironmentVariableName
- ConfigData.Server.PrimarySiteAdmin.Password -> ConfigData.Server.PrimarySiteAdmin.PasswordEnvironmentVariableName
- ConfigData.Portal.PortalAdministrator.Password -> ConfigData.Portal.PortalAdministrator.PasswordEnvironmentVariableName
- ConfigData.Portal.EmailSettings.Password -> ConfigData.Portal.EmailSettings.PasswordEnvironmentVariableName
- ConfigData.GeoEventServer.LicensePassword -> ConfigData.GeoEventServer.LicensePasswordEnvironmentVariableName
- ConfigData.WorkflowManagerServer.LicensePassword -> ConfigData.WorkflowManagerServer.LicensePasswordEnvironmentVariableName
- ConfigData.Desktop.LicensePassword -> ConfigData.Desktop.LicensePasswordEnvironmentVariableName
Install your deployment
Once the system environment variables are created and specified in the JSON configuration file, run the Invoke-ArcGISConfiguration command-let and provide the path to the configuration file as an input parameter. The -Mode and -DebugSwitch are optional arguments.
Invoke-ArcGISConfiguration -ConfigurationParametersFile [Path to Configuration JSON File](/Esri/arcgis-powershell-dsc/wiki/Path-to-Configuration-JSON-File) -Mode [Install | InstallLicense | InstallLicenseConfigure | Uninstall | Upgrade] -Credential [Config RunAs] -DebugSwitch
or
Invoke-ArcGISConfiguration -ConfigurationParametersFile C:\SampleConfigs\BaseDeployment-SingleMachine.json -Mode InstallLicenseConfigure -Credential domain\username