By using the ARM API's I am able to fetch the secret uri of the secret stored in azure keyvault
https://management.azure.com/subscriptions/{mySubID}/resourceGroups/{myResourcegroup}/providers/Microsoft.KeyVault/vaults/{myvaultName}/secrets/{mycert}?api-version=2015-06-01
But I wanted a secret value to form a PFX cert inorder to upload to a service.
How can I achieve this ?
Please help !! Thanks in advance ....
On
I wanted a secret value to form a PFX cert inorder to upload to a service.
We could do that with the following API.
Get https://{Secret Identifier}?api-version=2016-10-01
More details please refer to this. About authentication please refer this document.
Note: The authority for a request to a Key Vault is always as follows,
https://vault.azure.net/
We could get the Secret Identifier from you mentioned API. We also could get it from Azure portal.
I test it on my side it works correctly on my side. More details please refer to the screenshot
On
FWIW I used a PowerShell script similar to below to get a KeyVault secret value. Great Q and Great A (not mine, those). In case it's not clear the AZ command is part of the Azure CLI.
$keyvaultToken = (az account get-access-token --resource https://vault.azure.net) | ConvertFrom-Json
$headers = @{"Authorization" = "$($keyvaultToken.tokenType) $($keyvaultToken.accessToken)"}
$resp = iwr -uri https://vaultname.vault.azure.net/secrets/secretName/secretVersion?api-version=2016-10-01 -Headers $headers
$json = $resp.Content | ConvertFrom-Json
$json.value
This worked for me
Refernce: https://learn.microsoft.com/en-us/rest/api/keyvault/getsecret
NOTE:
I was not successful with this in the beginning, later found out that I was using the token obtained from
https://management.core.windows.netApparently it failed saying like
InvalidAuthenticationTokenAudience :The access token has been obtained from wrong audience or resourceSo remember you have to get the token from
https://vault.azure.net