Managing certificates with the Azure Credential Vault
How to set up and test an Azure environment and manage certificates with the Credential Vault.
The PowerShell toolkit supports the retrieval of certificates from the Azure Credential Vault.
For specific information on configuring the toolkit to use the Azure Credential Vault, see Accessing Certificates from the Azure Key Vault.
About the Azure Credential Vault
The Azure Credential Vault provides a secure mechanism for storing keys, secrets, and certificates.
Microsoft also refer to it as the Azure Key Vault.
From Microsoft’s own documentation:
Secrets are any sequence of bytes under 10 KB like connection strings, account keys, or the passwords for PFX (private key files). An authorized application can retrieve a secret for use in its operation.
Keys involve cryptographic material imported into Key Vault, or generated when a service requests the Key Vault to do so.
An Azure Key Vault certificate is simply a managed X.509 certificate.
Note the vault URI
From the Overview page in the key vault section of the portal, note the Vault URI.
Note the managed identity Client ID
When you created the credential vault, you also assigned privileges to an associated managed identity. Note the client ID of this managed identity.
Ensure that this managed identity has been assigned to the VM on which you intend to run the PS toolkit
For the toolkit to be able to access the Credential Vault, it must be invoked from a VM which has been assigned the management identity.
