How are Offline-Drop sensitive variables encrypted?

We are trying to implement a scheme whereby some of the sensitive variables associated with an offline drop can be edited at the customer deployment site. In effect, we are aiming to implement a workaround for this uservoice suggestion:

So, we will create a UI that will gather some secret variables that need to be overwritten and then write these into the secret variable files that are already a part of the offline drop. To do this we need to be able to open the encrypted password protected files, update the contents with the new values (I assume this is JSON) and then write out the protected file again. At this point the offline drop install should be able to run as normal.

Can you let me know how the sensitive variable files are password protected and, hopefully, point me to some PowerShell that can decrypt / re-encrypt them?

Thanks

Hi @bowerandy

Thanks for getting in touch!

While I don’t have an exact answer for you, variable encryption is handled by Calamari which is our communications layer. It is also open source and available on Github so you should be able to find what you are looking for in the code there.

Regards,
Alex

Alex, thanks for you help. With that advice I think I’ve found the answer in: