I am using Azure Key Vault to protect our keys and secrets, but I am unsure how I can use the KeyBundle I retrieve using the .NET SDK. How can I create an X509Certificate2 object?
Secrets Management - Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets. Key Management - Azure Key Vault can be used as a Key Management solution.
When you import / create a certificate in KeyVault, 3 entities are created:
Certificate - contains all the relevant details about the certificate, including its public part (i.e. public key, validity period, thumbprint etc.)
Secret - contains the private key (which is the private part of the certificate) in base64
Key - I don't know, but irrelevant for this thread.
You could create an X509Certificate2 object with either the Certificate object or the Secret object.
In case you want the X509Certificate2 to contain the private key, then of course you would need to fetch the Secret entity's value and do the following:
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Azure.KeyVault.Models;

// The Secret entity behind a Key Vault certificate holds the PFX (PKCS#12), base64-encoded, with no password.
SecretBundle certificatePrivateKeySecretBundle =
    await keyVaultClient.GetSecretAsync(certificateIdentifierSecretPart);
byte[] privateKeyBytes = Convert.FromBase64String(certificatePrivateKeySecretBundle.Value);
// Empty password; MachineKeySet keeps the key out of the (possibly absent) user profile store.
X509Certificate2 certificateWithPrivateKey = new X509Certificate2(privateKeyBytes, (string) null, X509KeyStorageFlags.MachineKeySet);
The certificateIdentifierSecretPart equals the certificate's secret part path:
https://<vault name>.vaults.azure.net/secrets/<certificate name>
Note the /secrets/ path.
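Both paths described in the answer, as an added example that is not part of the original post: the public-only certificate from the Certificate entity, and the certificate with its private key from the Secret entity. It assumes the legacy Microsoft.Azure.KeyVault SDK used above, and that the Secret's content type is either PKCS#12 (the Key Vault default) or PEM; the method names are mine.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;          // legacy SDK, as used in the answer
using Microsoft.Azure.KeyVault.Models;

public static class KeyVaultCertificates
{
    // Certificate entity: public part only. CertificateBundle.Cer is the DER-encoded certificate.
    public static async Task<X509Certificate2> GetPublicCertificateAsync(
        KeyVaultClient client, string vaultBaseUrl, string certificateName)
    {
        CertificateBundle bundle = await client.GetCertificateAsync(vaultBaseUrl, certificateName);
        return new X509Certificate2(bundle.Cer);   // HasPrivateKey is false here
    }

    // Secret entity: public and private part. The secret shares the certificate's name.
    public static async Task<X509Certificate2> GetCertificateWithPrivateKeyAsync(
        KeyVaultClient client, string vaultBaseUrl, string certificateName)
    {
        SecretBundle secret = await client.GetSecretAsync(vaultBaseUrl, certificateName);
        X509Certificate2 cert;

        switch (secret.ContentType)
        {
            case "application/x-pkcs12":
                // Default for Key Vault certificates: base64 PFX with an empty password.
                byte[] pfx = Convert.FromBase64String(secret.Value);
                cert = new X509Certificate2(pfx, (string)null, X509KeyStorageFlags.MachineKeySet);
                break;

            case "application/x-pem-file":
                // PEM-backed certificates: the value carries both the certificate and the key
                // as PEM blocks, so the same string serves as both arguments (.NET 5 or later).
                cert = X509Certificate2.CreateFromPem(secret.Value, secret.Value);
                break;

            default:
                throw new InvalidOperationException(
                    $"Unexpected secret content type '{secret.ContentType}'.");
        }

        // Fail loudly rather than hand back a certificate that cannot sign or decrypt.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("The secret did not contain a private key.");
        return cert;
    }
}
```

The content-type check matters because decoding a PEM secret as base64 PFX throws a cryptographic exception that is easy to misread as a permissions problem.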