How to serialize and de-serialize a PFX certificate in Azure Key Vault

0 votes

I have a bunch of strings and pfx certificates, which I want to store in Azure Key Vault, where only allowed users/apps will be able to get them.

It is not hard to store a string as a Secret, but how can I serialize a certificate in such a way that I could retrieve it and de-serialize it as an "X509Certificate2" (msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2(v=vs.110).aspx) object in C#?

I tried to store it as a key. Here is the Azure PowerShell code:

$securepfxpwd = ConvertTo-SecureString -String 'superSecurePassword' -AsPlainText -Force
$key = Add-AzureKeyVaultKey -VaultName 'UltraVault' -Name 'MyCertificate' -KeyFilePath 'D:\Certificates\BlaBla.pfx' -KeyFilePassword $securepfxpwd

But when I tried to get it with GetKeyAsync method, I couldn't use it.

Sep 24, 2018 in Azure by null_void
• 3,220 points

edited Sep 24, 2018 by null_void 1,533 views

1 answer to this question.

0 votes
Best answer

Here's a PowerShell script for you. Replace the file path, password, vault name, secret name.

$pfxFilePath = 'C:\mycert.pfx'
# Named $pfxPassword because $pwd is PowerShell's automatic current-location variable
$pfxPassword = '123'
# Exportable is needed so the private key can be re-exported below
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$collection.Import($pfxFilePath, $pfxPassword, $flag)
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
# Re-export as PKCS#12 with no password, then base64-encode for storage as a string secret
$clearBytes = $collection.Export($pkcs12ContentType)
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)
$secret = ConvertTo-SecureString -String $fileContentEncoded -AsPlainText -Force
$secretContentType = 'application/x-pkcs12'
Set-AzureKeyVaultSecret -VaultName 'myVaultName' -Name 'mySecretName' -SecretValue $secret -ContentType $secretContentType

This is a common question, so we are going to polish this up and release as a helper.

The script above strips the password because there's no value in having a password-protected PFX and then storing the password next to it.

answered Sep 24, 2018 by club_seesharp
• 3,450 points

selected Sep 24, 2018 by null_void
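
The retrieval half that the question asks about, as an added example rather than code from the answer: it reverses the script's encoding (base64 of a password-less PKCS#12) back into an X509Certificate2 and checks that the private key survived. The function names and the throwaway self-signed certificate are constructed for illustration, and CertificateRequest is assumed to be available (.NET Framework 4.7.2+ or PowerShell 6+).

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function ConvertTo-PfxSecretValue {
    # Same encoding as the upload script: password-less PKCS#12, then base64.
    param([X509Certificate2]$Certificate)
    [Convert]::ToBase64String($Certificate.Export([X509ContentType]::Pkcs12))
}

function ConvertFrom-PfxSecretValue {
    # Reverse direction: base64 -> PKCS#12 bytes -> X509Certificate2 with its key.
    param([string]$SecretValue)
    $bytes = [Convert]::FromBase64String($SecretValue)
    try {
        $collection = [X509Certificate2Collection]::new()
        # Empty password: the stored PFX was exported without one. DefaultKeySet
        # omits Exportable, since a consumer only needs to use the key.
        $collection.Import($bytes, '', [X509KeyStorageFlags]::DefaultKeySet)
        # A PFX may also carry chain certificates; return the one owning the key.
        $collection | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
    }
    finally {
        [Array]::Clear($bytes, 0, $bytes.Length)   # drop the decoded key bytes
    }
}

# Constructed stand-in certificate so the round trip runs offline. In real use
# $secretValue is the text of the vault secret written by the script above.
$rsa = [RSA]::Create(2048)
$request = [CertificateRequest]::new('CN=constructed-example', $rsa,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$original = $request.CreateSelfSigned([DateTimeOffset]::UtcNow,
    [DateTimeOffset]::UtcNow.AddDays(1))

$secretValue = ConvertTo-PfxSecretValue -Certificate $original
$restored = ConvertFrom-PfxSecretValue -SecretValue $secretValue

if (-not $restored.HasPrivateKey) { throw 'private key lost in the round trip' }
if ($restored.Thumbprint -ne $original.Thumbprint) { throw 'wrong certificate restored' }

# The key must be usable, not merely present: sign with the restored key and
# verify against the original certificate's public key.
$data = [Text.Encoding]::UTF8.GetBytes('constructed test message')
$signature = [RSACertificateExtensions]::GetRSAPrivateKey($restored).SignData(
    $data, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$verified = [RSACertificateExtensions]::GetRSAPublicKey($original).VerifyData(
    $data, $signature, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
if (-not $verified) { throw 'signature made with the restored key did not verify' }
'round trip ok: {0}' -f $restored.Thumbprint
```

The same two .NET calls, Convert.FromBase64String followed by an X509Certificate2 import with an empty password, apply unchanged in C#.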
