Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Azure Function Key Vault reference for certificates?

I'm trying to use Key Vault references in my Azure Function (v1) as described here. It works fine for secrets, but not for certificates.

The docs don't mention certs at all, so maybe they are simply not supported? I was hoping to get it as a base64 string.

Example app setting I'm using: @Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/certificates/ApiClientAuthenticationCertificate/f9580a1f5a0c4a6ca65ea089976ca2b0)

like image 337
Thomas Kappler Avatar asked Apr 09 '19 18:04

Thomas Kappler


1 Answers

Turns out the cert is available under the /secrets path. My example above should look like this: @Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/ApiClientAuthenticationCertificate/f9580a1f5a0c4a6ca65ea089976ca2b0).

Then, the setting value will be a base64 string of the cert in PFX format. Instantiate like so in your Azure Function:

byte[] certBytes = Convert.FromBase64String(base64Pfx);
var cert = new X509Certificate2();
cert.Import(certBytes, String.Empty, X509KeyStorageFlags.MachineKeySet);
like image 55
Thomas Kappler Avatar answered Sep 20 '22 17:09

Thomas Kappler