How can I create an X509Certificate2 object from an Azure Key Vault KeyBundle

Backend · Unresolved · 3 answers · 819 views

死守一世寂寞 2021-02-19 17:56

I am using Azure Key Vault to protect our keys and secrets, but I am unsure how I can use the KeyBundle I retrieve using the .net SDK. How can I create an X509Certificate2 objec

3 answers
  •  感情败类
    2021-02-19 18:09

    November 2020 Update:

    In the current version of Azure Key Vault, Certificates are a first class concept rather than a type of Secret.

    If your Key Vault instance already has a certificate with an exportable private key, you'd fetch it and hydrate an X509Certificate2 as follows:

    Create the required clients using a DefaultAzureCredential

    using System;
    using System.Security.Cryptography.X509Certificates;
    using System.Threading.Tasks;
    using Azure;
    using Azure.Identity;
    using Azure.Security.KeyVault.Certificates;
    using Azure.Security.KeyVault.Secrets;

    // Both clients point at the same vault; DefaultAzureCredential picks up
    // managed identity, environment variables, Azure CLI login, etc.
    var certClient = new CertificateClient(new Uri("https://yourKeyVault.vault.azure.net/"), new DefaultAzureCredential());
    var secretClient = new SecretClient(new Uri("https://yourKeyVault.vault.azure.net/"), new DefaultAzureCredential());
    

    Get the certificate, which includes a link to the private key secret.

    Note: The latest (4.2.0 beta) version of the Key Vault Secrets library includes a helper class called KeyVaultSecretIdentifier that does this parsing for you.

    Response<KeyVaultCertificateWithPolicy> certResponse = await certClient.GetCertificateAsync("testCert");
    
    // Get the secretId and parse out the parts needed to fetch the secret.
    // For https://yourKeyVault.vault.azure.net/secrets/testCert/<version> the
    // segments are "/", "secrets/", "testCert/", "<version>".
    Uri secretId = certResponse.Value.SecretId;
    var segments = secretId.Segments;
    string secretName = segments[2].Trim('/');
    string version = segments[3].TrimEnd('/');
    

    Get the secret for the certificate and use it to construct a new X509Certificate2.

    Response<KeyVaultSecret> secretResponse = await secretClient.GetSecretAsync(secretName, version);
    
    KeyVaultSecret secret = secretResponse.Value;
    // Assumes the certificate policy's content type is PKCS #12 (application/x-pkcs12):
    // the secret value is then a base64-encoded, passwordless PFX. A PEM
    // (application/x-pem-file) secret would need X509Certificate2.CreateFromPem instead.
    byte[] privateKeyBytes = Convert.FromBase64String(secret.Value);
    
    var cert = new X509Certificate2(privateKeyBytes);
    

    For more information about the latest Key Vault Certificate and Secret clients, see their respective README docs here:

    Azure.Security.KeyVault.Certificates (migration guide from the old version)

    Azure.Security.KeyVault.Secrets (migration guide from the old version)
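The same procedure end to end, as an added example that is not part of the original answer or of the Azure SDK: it uses the KeyVaultSecretIdentifier helper the answer mentions instead of slicing Uri.Segments, branches on the secret's content type so certificates issued under a PEM policy load as well as PFX ones, keeps the imported private key in memory rather than in the Windows user key store, and checks the result against the certificate object's thumbprint before returning it. The vault URL and certificate name are placeholders; the code assumes Azure.Identity, Azure.Security.KeyVault.Certificates, Azure.Security.KeyVault.Secrets 4.2.0 or later (for KeyVaultSecretIdentifier) and .NET 5 or later (for CreateFromPem).

```csharp
// Added example, not code from the original answer or from the Azure SDK.
// Assumes Azure.Identity, Azure.Security.KeyVault.Certificates and
// Azure.Security.KeyVault.Secrets >= 4.2.0, running on .NET 5 or later.
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;
using Azure.Security.KeyVault.Secrets;

public static class KeyVaultCertificateLoader
{
    // Fetch a Key Vault certificate together with its exportable private key
    // and return it as an X509Certificate2, verifying that the secret we got
    // really belongs to the certificate object we asked for.
    public static async Task<X509Certificate2> LoadAsync(
        Uri vaultUri, string certificateName, TokenCredential credential)
    {
        var certClient = new CertificateClient(vaultUri, credential);
        var secretClient = new SecretClient(vaultUri, credential);

        // Step 1: the certificate object carries the metadata (thumbprint, policy)
        // and the URI of the secret that holds the private key.
        KeyVaultCertificateWithPolicy kvCert =
            (await certClient.GetCertificateAsync(certificateName)).Value;

        // Step 2: let the SDK parse the secret URI instead of slicing Uri.Segments.
        var secretId = new KeyVaultSecretIdentifier(kvCert.SecretId);

        // Step 3: fetch the exact version the certificate object points to, so a
        // rotation between the two calls cannot hand us a different key pair.
        KeyVaultSecret secret =
            (await secretClient.GetSecretAsync(secretId.Name, secretId.Version)).Value;

        X509Certificate2 cert = FromSecretValue(secret.Properties.ContentType, secret.Value);

        // Step 4: sanity checks before the key is used for anything.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                $"Certificate '{certificateName}' came back without a private key; " +
                "check that the certificate policy marks the key as exportable.");

        // Key Vault exposes the SHA-1 thumbprint as raw bytes; GetCertHash() is SHA-1 too.
        if (!cert.GetCertHash().SequenceEqual(kvCert.Properties.X509Thumbprint))
            throw new InvalidOperationException(
                $"Secret '{secretId.Name}' does not match the thumbprint of '{certificateName}'.");

        return cert;
    }

    // Key Vault stores the exportable key pair as either a passwordless PFX
    // (application/x-pkcs12) or a PEM bundle (application/x-pem-file), depending
    // on the certificate policy. Base64-decoding into X509Certificate2 only
    // works for the PFX case; PEM needs CreateFromPem.
    public static X509Certificate2 FromSecretValue(string contentType, string value)
    {
        switch (contentType)
        {
            case "application/x-pkcs12":
                // EphemeralKeySet keeps the private key in memory instead of
                // persisting it under the user profile on Windows. It is not
                // supported on macOS; drop the flag there.
                return new X509Certificate2(
                    Convert.FromBase64String(value),
                    string.Empty,
                    X509KeyStorageFlags.EphemeralKeySet);

            case "application/x-pem-file":
                // The PEM secret holds both the certificate and the key in one
                // string, so the same text serves as both arguments.
                return X509Certificate2.CreateFromPem(value, value);

            default:
                throw new NotSupportedException(
                    $"Unexpected secret content type '{contentType}'.");
        }
    }
}

public static class Program
{
    public static async Task Main()
    {
        // Placeholder vault URL and certificate name.
        X509Certificate2 cert = await KeyVaultCertificateLoader.LoadAsync(
            new Uri("https://yourKeyVault.vault.azure.net/"),
            "testCert",
            new DefaultAzureCredential());

        Console.WriteLine($"{cert.Subject} thumbprint={cert.Thumbprint} hasPrivateKey={cert.HasPrivateKey}");
    }
}
```

Fetching the secret by the version recorded on the certificate object, rather than the latest version, is what makes the thumbprint check meaningful: if the certificate is rotated between the two calls, the mismatch is reported instead of silently using a key pair that belongs to a different certificate version.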
