Azure Function Key Vault reference for certificates?

Question

I'm trying to use Key Vault references in my Azure Function (v1) as described here. It works fine for secrets, but not for certificates.

The docs don't mention certs at all, so maybe they are simply not supported? I was hoping to get it as a base64 string.

Example app setting I'm using: @Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/certificates/ApiClientAuthenticationCertificate/f9580a1f5a0c4a6ca65ea089976ca2b0)

Answer 1

Turns out the cert is available under the /secrets path. My example above should look like this: @Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/ApiClientAuthenticationCertificate/f9580a1f5a0c4a6ca65ea089976ca2b0).

Then, the setting value will be a base64 string of the cert in PFX format. Instantiate like so in your Azure Function:

byte[] certBytes = Convert.FromBase64String(base64Pfx);
var cert = new X509Certificate2();
cert.Import(certBytes, String.Empty, X509KeyStorageFlags.MachineKeySet);