Access certificate thumprint from Azure DevOps variable group connected to Key vaults

0 votes

In key vaults in Azure I have a list of secrets and list of certificates.

Example key vault secrets:

  • AppInsightsInstrumentationKey
  • CacheConnectionString

Example certificate:

  • GlobalCertificate

Now I can access as variables in releasing these variables, by simple syntax:

  • $(GlobalCertificate)
  • $(AppInsightsInstrumentationKey)
  • $(CacheConnectionString)

My goal is to read thumprint of certificate localted in variable $(GlobalCertificate). What's the way to get it?

Mar 7, 2022 in DevOps & Agile by Edureka
• 13,670 points

1 answer to this question.

0 votes

I realise it's old, but I came over this article while looking for a solution to the same problem and couldn't find one elsewhere.

I was able to fix it with Powershell, however it's strange what's necessary given that the PFX has already been submitted to the key vault. If you don't want to save your pfx passwords in keyvault, replace the variable in the $pwd line with your own value.

Create a Powershell task in the Azure DevOps Pipeline. The script is as follows:

#Convert the Secure password that's presented as plain text back into a secure string
$pwd = ConvertTo-SecureString -String $(GlobalCertificate-Password) -Force -AsPlainText

#Create PFX file from Certificate Variable
New-Item Temp-Certificate.pfx -Value $(GlobalCertificate)

#Import the PFX certificate from the newly created file and password. Read the thumbprint into variable
$Thumbprint = (Import-PfxCertificate -CertStoreLocation Cert:\CurrentUser\My -FilePath Temp-Certificate.pfx -Password $pwd).Thumbprint

Write-Host $Thumbprint

#Rest of Script below or set environment variable for rest of Pipeline
Write-Host "##vso[task.setvariable variable=Thumbprint]$Thumbprint"

Are you looking to take your career in DevOps to the next level? Consider enrolling in our DevOps Certification Course today!

answered Mar 8, 2022 by gaurav
• 23,260 points

Related Questions In DevOps & Agile

+1 vote
2 answers
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

Is it possible to have a link to raw content of file in Azure DevOps{{organization}}/{{project}}/_apis/sourceProviders/{{providerName}}/filecontents ?repository={{repository}} &path={{path}} &commitOrBranch={{commitOrBranch}} ...READ MORE

answered Mar 24, 2022 in DevOps & Agile by gaurav
• 23,260 points
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP