azure-keyvault

问题 When I reference more than 30 keys from my global Key Vault in ARM template parameter file, then I get the following error in my deployments. The deployment has specified too many KeyVault parameter references. The maximum of KeyVault parameter references is '30'. Please help me how to override this limit or what is the alternative to reference more than 30 secrets/keys from Key Vault? 回答1: Just create a nested deployment that will reference 30 more secrets and return those as output into the

问题 I have enabled Managed Service Identities on an App Service. However, my WebJobs seem unable to access the keys. They report: Tried the following 3 methods to get an access token, but none of them worked. Parameters: Connectionstring: [No connection string specified], Resource: https://vault.azure.net, Authority: . Exception Message: Tried to get token using Managed Service Identity. Unable to connect to the Managed Service Identity (MSI) endpoint. Please check that you are running on an

问题 I am creating an Azure Key Vault. I am using the below ARM JSON template. I have an App created in Azure AD and I am trying to give that app all permissions so that I can use this Apps credentials to connect to the Key Vault from a Key Vault client. I am using TFS, and have created a "Azure Deployment:Create Or Update Resource Group" Release definition task to automate this. { "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0

问题 This question already has answers here : How to serialize and deserialize a PFX certificate in Azure Key Vault? (4 answers) Closed 3 years ago . I uploaded a Certificate to Azure KeyVault and obtained "all" access to it using an application registered into the Active Directory. That all works fine. Now I need to load the obtained key into an X509Certificate to be able to use it as a client certificate for calling a 3rdparty legacy SOAP webservice. As far as I know I can only use a

问题 I'm trying to import certificate to Azure Key Vault through Azure Pipelines task Azure PowerShell I've entered this inline script there: $Password = ConvertTo-SecureString -String "$(cert.password)" -AsPlainText -Force Import-AzureKeyVaultCertificate -VaultName %KVNAME% -Name %NAME% -FilePath $(cert.secureFilePath) -Password $Password And I'm getting such error: "Key not valid for use in specified state" Do you have any suggestions on the cause of error? 回答1: Key not valid for use in

问题 Referring to the Azure keyvault Sign API at https://docs.microsoft.com/en-us/rest/api/keyvault/sign/sign. Its not clear if the "value" which is string (in request and response both), how the API expects the encoding for binary strings like digest and how the response has this 'value' encoded? Is this in base64? If so, Azure has any difference in base64? Any sample code showing this REST API request/response processing? 回答1: For the Sign API, the value is a digest. This page tells that it

问题 I am trying to encrypt sql server database in Azure VM using TDE where the EKM will use Azure Key vault. I have been following the steps outlined in below link. setup steps for EKM using Azure Key Vault I have followed all the steps exactly including the below step where we need to provide value for SECRET (Application ID without hyphens+ Azure vault key). USE master; CREATE CREDENTIAL sysadmin_ekm_cred WITH IDENTITY = 'keyvaultname', SECRET =

问题 Azure has a simple way of adding an App Service Certificate to a Key Vault from the web interface. I did this and later I accidentally deleted the certificate from the Key Vault . The App Service Certificate resource is still there, but the certificate no longer shows up in my Key Vault (obviously). Is there a way that I can re-add my App Service Certificate to my Key Vault ? Attached images: The App Service Certificate still thinks it's been added to Key Vault: ... but the cert is no longer

问题 This question already has an answer here : KeyVault generated certificate with exportable private key (1 answer) Closed last year . I have 2 approaches to do the same thing, but Azure has deprecated the one that works, and the other method doesn't work. The approach that works, but is deprecated: I store my PFX in Azure Key Vault Secrets . (when I create the secret I see a warning stating that this feature is deprecated) and use the following code to retrieve it to create my certificate:

问题 In the scenario for this question I am using a library that takes a certificate path as a parameter. Does that mean that it is not possible for me to store my certificate in Key Vault? 回答1: Does that mean that it is not possible for me to store my certificate in Key Vault? It is possible, but you have to give it a Name (key) to access it. When you add/import x.509 certificates to Azure Key Vault Certificates, you give it a name (which acts as a unique key for that certificate), and you access