We are having difficulties trying to introduce secure install properties into our installer and I was hoping to get some information here on how to integrate this feature.
First of all, we have a configuration file used alongside our .exe file that gives the user of our installer the ability to specify environment variables of our product to be installed. We persist all the variables from the configuration file to registry but we don't want everything to be stored in plain text. We need persistence of variable because we need to implement the possibility of a reinstallation and upgrade of our product.
Also, one important thing to note is that our custom actions are mostly Launch File (which are used to run .bat files) or Run PowerShell Inline Script (that are often used to run either .bat or .ps1 files after some needed preprocessing on our part) types of custom actions.
After marking the desired variables as secure in the Properties component of our project and building it, we run a test installation (First-time install of the product) and it crashes.
The problem is, after the parameters have been read and secured, they get encrypted and stay that way throughout the installation. That causes problems to our custom actions that use those parameters and expect them to be the actual string values the user provided inside of the configuration file, not the encrypted ones.
So, how can we fix this issue? Is there some kind of a decryption algorithm that we could use inside of a Run PowerShell Inline Script custom action that would prepare the parameters for further use throughout the installation?