如何在Azure密钥库中存储pfx证书? [英] How to store pfx certificate in Azure Key Vault?
问题描述
我有一堆字符串和pfx证书,我想存储在Azure密钥库中,只有允许的用户/应用程序才能获得它们。使用字符串不难做到(只是创建一个秘密),但是如何存储一个证书,我可以检索它,并将其初始化为 X509Certificate2
I have a bunch of strings and pfx certificates, which I want to store in Azure Key vault, where only allowed users/apps will be able to get them. It is not hard to do it with the strings (just create a secret), but how can I store a certificate in such way that I could retrieve it and initialize it as a X509Certificate2 object in C#?
我试图将其存储为键。这是Azure PowerShell代码
I tried to store it as a key. Here is the Azure powershell code
$securepfxpwd = ConvertTo-SecureString -String 'superSecurePassword' -AsPlainText -Force
$key = Add-AzureKeyVaultKey -VaultName 'UltraVault' -Name 'MyCertificate' -KeyFilePath 'D:\Certificates\BlaBla.pfx' -KeyFilePassword $securepfxpwd
但是当我试图用 GetKeyAsync 方法,我可以真正使用它。
But when I tried to get it with GetKeyAsync method, I could really use it.
任何人都可以帮助?
推荐答案
这里有一个PowerShell脚本。替换文件路径,密码,文件库名称,密码名称。
Here's a PowerShell script for you. Replace the file path, password, vault name, secret name.
$pfxFilePath = 'C:\mycert.pfx'
$pwd = '123'
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$collection.Import($pfxFilePath, $pwd, $flag)
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
$clearBytes = $collection.Export($pkcs12ContentType)
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)
$secret = ConvertTo-SecureString -String $fileContentEncoded -AsPlainText –Force
$secretContentType = 'application/x-pkcs12'
Set-AzureKeyVaultSecret -VaultName 'myVaultName' -Name 'mySecretName' -SecretValue $Secret -ContentType $secretContentType
这是一个常见的问题,所以我们要将它抛光并释放为帮助器。
This is a common question, so we are going to polish this up and release as a helper.
没有密码保护PFX没有价值,然后在它旁边存储密码。
The script above strips the password because there's no value in having a password protected PFX and then storing the password next to it.
这篇关于如何在Azure密钥库中存储pfx证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!