KeyVault generated certificate with exportable private key

孤独总比滥情好 2020-12-08 12:08

I'm attempting to create a self-signed certificate in KeyVault using the "Self" issuer.

$policy = New-AzureKeyVaultCertificatePolicy -SubjectName         

2 answers
  •  遥遥无期
    2020-12-08 12:36

    Following is C# code to retrieve all versions of a certificate, including their private keys, from newest to oldest, given its certificate name and KeyVault connection info. It uses the new Azure.Core, Azure.Identity, and Azure.Security.KeyVault.[Certificates|Secrets] SDK packages.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Security.Cryptography.X509Certificates;
    using Azure.Core;
    using Azure.Identity;
    using Azure.Security.KeyVault.Certificates;
    using Azure.Security.KeyVault.Secrets;
    
    public static class CertTools
    {
        public static void MyMethod(string tenantId, string clientId, string clientSecret, Uri keyVaultUri)
        {
            var cred = new ClientSecretCredential(tenantId, clientId, clientSecret); // or any other means of obtaining Azure credential
            var certs = GetAllCertificateVersions(keyVaultUri, cred, "MyCert");
        }
    
        public static List<X509Certificate2> GetAllCertificateVersions(Uri keyVaultUri, TokenCredential credential,
            string certificateName)
        {
            var certClient = new CertificateClient(keyVaultUri, credential);
            var secretClient = new SecretClient(keyVaultUri, credential);
    
            var now = DateTimeOffset.UtcNow;
    
            var certs = new List<X509Certificate2>();
    
            // CertificateClient enumerates the versions but only ever returns the public part;
            // the private key (when the policy marks it exportable) lives in the secret that
            // shares the certificate's name and version, so the SecretClient does the real fetch.
            foreach (var cert in certClient.GetPropertiesOfCertificateVersions(certificateName)
                .OrderByDescending(x => x.CreatedOn)
                // fetch all enabled, non-expired certificates. adjust this predicate if desired.
                .Where(x => x.ExpiresOn >= now && (x.Enabled ?? false)))
            {
                var secret = secretClient.GetSecret(certificateName, cert.Version).Value;
                // Default content type is application/x-pkcs12: a base64-encoded PFX without a password.
                // A secret created with the PEM content type would need a different parser.
                certs.Add(new X509Certificate2(Convert.FromBase64String(secret.Value)));
            }
    
            return certs;
        }
    }
    

    Thanks to @Nandun's answer here for pointing me in the right direction of using the SecretClient instead of CertificateClient, but that post was marked as a duplicate so posting this extended code here.
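As an added example that is not part of the original answer, the following C# joins the two halves of this thread: a self-issued policy with `Exportable = true` (what the question is after) and the secret fetch that verifies the private key actually came back. The vault URI, credential, certificate name and subject are placeholders supplied by the caller; `WaitForCompletion` blocks until Key Vault finishes the self-signed issuance, and the content-type check keeps the example honest about only handling PKCS#12 secrets.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;
using Azure.Security.KeyVault.Secrets;

// Added example, not code from the original answer. The certificate name and
// subject passed in by the caller are placeholders.
public static class ExportableCertDemo
{
    // Build a self-signed policy whose private key Key Vault will release inside the
    // backing secret. With Exportable = false the secret carries no key material and
    // the HasPrivateKey check below fails.
    public static CertificatePolicy BuildSelfSignedPolicy(string subject)
    {
        return new CertificatePolicy(WellKnownIssuerNames.Self, subject)
        {
            Exportable = true,
            KeyType = CertificateKeyType.Rsa,
            KeySize = 2048,
            ContentType = CertificateContentType.Pkcs12,
            ValidityInMonths = 12,
        };
    }

    public static X509Certificate2 CreateAndFetch(Uri vaultUri, TokenCredential cred,
        string certificateName, string subject)
    {
        var certClient = new CertificateClient(vaultUri, cred);
        var secretClient = new SecretClient(vaultUri, cred);

        // Certificate creation is a long-running operation even for the Self issuer.
        CertificateOperation op = certClient.StartCreateCertificate(certificateName, BuildSelfSignedPolicy(subject));
        KeyVaultCertificateWithPolicy created = op.WaitForCompletion().Value;

        // created.Cer is the public certificate only. The PFX with the private key is the
        // secret that shares the certificate's name and version.
        KeyVaultSecret secret = secretClient.GetSecret(certificateName, created.Properties.Version).Value;

        if (!string.Equals(secret.Properties.ContentType, CertificateContentType.Pkcs12.ToString(),
                StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException(
                $"Unexpected secret content type '{secret.Properties.ContentType}'; this example only handles PKCS#12.");
        }

        // Key Vault writes the PFX without a password. X509KeyStorageFlags.Exportable keeps
        // the imported private key exportable on the client side too (e.g. for cert.Export).
        var cert = new X509Certificate2(Convert.FromBase64String(secret.Value), (string)null,
            X509KeyStorageFlags.Exportable);

        if (!cert.HasPrivateKey)
        {
            throw new InvalidOperationException(
                "Secret did not contain the private key; confirm the policy set Exportable = true.");
        }

        return cert;
    }

    public static void Main()
    {
        // Assumed environment: replace with a real vault and a credential that holds
        // certificates/create and secrets/get permissions on it.
        var vaultUri = new Uri("https://example-vault.vault.azure.net/");
        var cert = CreateAndFetch(vaultUri, new DefaultAzureCredential(), "demo-cert", "CN=demo.example.com");
        Console.WriteLine($"{cert.Subject} thumbprint={cert.Thumbprint} hasPrivateKey={cert.HasPrivateKey}");
    }
}
```

The identity used here needs both the certificate `create` and the secret `get` permissions on the vault; granting only certificate permissions is the usual reason the secret fetch returns 403 while the certificate listing works.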
