Upload cloud service certificate from keyvault

Question

I have uploaded the SSl certificate to keyvault. Now I wanted to upload this certificate to my Cloud service

With this API I am able to access the Cert from keyvault

GET https://{vaultBaseUrl}/secrets/{secret-name}/{secret-version}?api-version={api-version}

But to upload certifcate, I need the password too.

"path": "subscriptions/%sub_Id%/resourceGroups/%rg_Name%/providers/Microsoft.ClassicCompute/domainNames/%cloudService_Name%/servicecertificates/SHA1-%THUMBPRINT%",
"body": {
     "thumbprintAlgorithm": "SHA1",
     "thumbprint": "%THUMBPRINT%",
     "data": "%base64encodedcert%",
     "certificateFormat": "pfx",
     "password": "password" << this is in plain text I believe
}

How to get the password from keyvault or upload service certificate without password or with secret URI ?

Answer 1

When you need to pass a secure value (like a password) as a parameter during deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID. You do not need to manually enter the value for the secret each time you deploy the resources.

For more details, refer to this documentation. Use Key Vault to pass secure parameter.

Also, check the Azure Key Vault REST API reference for examples.