如何在Azure Key Vault中序列化和反序列化PFX证书? [英] How to serialize and deserialize a PFX certificate in Azure Key Vault?

问题描述

我有一堆字符串和pfx证书，我想将它们存储在Azure Key保管库中，只有允许的用户/应用程序才能获取它们.将字符串存储为Secret并不难，但是如何以一种可以序列化证书的方式来检索它并以

I have a bunch of strings and pfx certificates, which I want to store in Azure Key vault, where only allowed users/apps will be able to get them. It is not hard to do store a string as a Secret, but how can I serialize a certificate in such way that I could retrieve it and deserialize as an X509Certificate2 object in C#?

我试图将其存储为密钥.这是Azure Powershell代码

I tried to store it as a key. Here is the Azure powershell code

$securepfxpwd = ConvertTo-SecureString -String 'superSecurePassword' -AsPlainText -Force
$key = Add-AzureKeyVaultKey -VaultName 'UltraVault' -Name 'MyCertificate' -KeyFilePath 'D:\Certificates\BlaBla.pfx' -KeyFilePassword $securepfxpwd

但是当我尝试使用 GetKeyAsync 方法，我无法使用它.

But when I tried to get it with GetKeyAsync method, I couldn't use it.

推荐答案

以下是适合您的PowerShell脚本.替换文件路径，密码，文件库名称，秘密名称.

Here's a PowerShell script for you. Replace the file path, password, vault name, secret name.

$pfxFilePath = 'C:\mycert.pfx'
$pwd = '123'
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 
$collection.Import($pfxFilePath, $pwd, $flag)
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
$clearBytes = $collection.Export($pkcs12ContentType)
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)
$secret = ConvertTo-SecureString -String $fileContentEncoded -AsPlainText –Force
$secretContentType = 'application/x-pkcs12'
Set-AzureKeyVaultSecret -VaultName 'myVaultName' -Name 'mySecretName' -SecretValue $Secret -ContentType $secretContentType

这是一个常见问题，因此我们将对其进行完善并作为助手发布.

This is a common question, so we are going to polish this up and release as a helper.

上面的脚本剥离了密码，因为拥有受密码保护的PFX没有任何价值，然后将密码存储在密码旁边.

The script above strips the password because there's no value in having a password protected PFX and then storing the password next to it.

这篇关于如何在Azure Key Vault中序列化和反序列化PFX证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！