Accessing Certificates from the Azure Key Vault
How to use the PowerShell toolkit to directly retrieve certificates from the Azure Key Vault and then use them to authenticate with the Tachyon Platform.
About the Azure Key Vault
The Azure Key Vault, or Azure Credential Vault, is a resource accessible from any guest machine in the resource group to which the vault belongs, unlike certificate stores, which are local to each guest.
For more information, see Managing certificates with the Azure Credential Vault.
Using the PowerShell Toolkit with the Azure Key Vault
You can use the PowerShell Toolkit to retrieve certificates from the key vault. The set-tachyonserver cmdlet accepts three parameters which allow you to authenticate directly using certificates from the key vault.
The get-tachyoncertificatefromkeyvault cmdlet allows you to directly retrieve an X509 certificate object and then pass it to other cmdlets which accept certificates, such as get-tachyonbearertoken.
These cmdlets are discussed in more detail in Tachyon Server management cmdlets.
Support DLLs
The PowerShell toolkit dynamically loads five support DLLs (assemblies) which must be located in the folder containing the PowerShell toolkit files. An error is thrown if any of these cannot be loaded.
These are:
Azure.Identity.dll
Azure.Security.KeyVault.Certificates.dll
Azure.Security.KeyVault.Secrets.dll
Azure.Core.dll
Microsoft.Identity.Client.dll
To obtain these DLLs for the .NET platform on which you are running PowerShell Core, use the install-package cmdlet for each library, then copy the appropriate DLL from that package's install path. To find the path, use the get-package cmdlet, which shows all installed packages and their install paths.
Note
Unfortunately, PowerShell Core does not currently have direct support for consuming NuGet packages. This is a requested feature that may be implemented in due course.
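The install-and-copy procedure described under Support DLLs, as an added example that is not part of the toolkit or its documentation. It also checks each DLL's Authenticode signature before copying it into the folder the toolkit loads from. Assumptions: the toolkit folder path is a placeholder, the netstandard2.0 build is the one you need, a NuGet package source is already registered, and the script runs on Windows (Get-AuthenticodeSignature).

```powershell
# Added example: stage the five support DLLs next to the toolkit files.
# Assumptions (not from the page): $ToolkitPath, the netstandard2.0 target
# folder, and a NuGet package source already registered with PackageManagement.
$ToolkitPath     = 'C:\Path\To\TachyonToolkit'   # placeholder folder
$TargetFramework = 'netstandard2.0'              # assumed; match your PowerShell Core runtime

$packages = 'Azure.Identity',
            'Azure.Security.KeyVault.Certificates',
            'Azure.Security.KeyVault.Secrets',
            'Azure.Core',
            'Microsoft.Identity.Client'

foreach ($name in $packages) {
    if (-not (Get-Package -Name $name -ProviderName NuGet -ErrorAction SilentlyContinue)) {
        # The page lists only these five DLLs, so dependencies are skipped here.
        Install-Package -Name $name -ProviderName NuGet -Scope CurrentUser -SkipDependencies -Force | Out-Null
    }

    # Get-Package reports the install location in the Source property (path of the .nupkg).
    $pkg  = Get-Package -Name $name -ProviderName NuGet | Select-Object -First 1
    $root = Split-Path -Path $pkg.Source -Parent
    $dll  = Join-Path $root "lib\$TargetFramework\$name.dll"

    if (-not (Test-Path -LiteralPath $dll)) {
        Write-Warning "$name $($pkg.Version): no $TargetFramework build under $root\lib"
        continue
    }

    # Check the Authenticode signature before placing the DLL where the toolkit will load it.
    $sig = Get-AuthenticodeSignature -FilePath $dll
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$name.dll signature status is $($sig.Status); not copied"
        continue
    }

    Copy-Item -LiteralPath $dll -Destination $ToolkitPath -Force
    # Emit a record of what was staged, for later integrity comparison.
    [pscustomobject]@{
        File    = "$name.dll"
        Version = $pkg.Version
        Signer  = $sig.SignerCertificate.Subject
        SHA256  = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
    }
}
```

Keeping the emitted file, version, signer and hash records lets you detect later whether a DLL in the toolkit folder has been replaced.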