Reputation: 1620
I’m interested in finding a way to create the KeyCredential using PowerShell - but without creating a self-signed cert on the developer’s machine as the documentation for New-AzureADApplicationKeyCredential illustrates.
I’d like to generate the cert using KeyVault as described here and then pass the New-AzureADApplicationKeyCredential cmdlet an alternative parameter set - one that would only take the KeyVaultId and Secret/Certificate name. This doesn't appear to be supported.
Is there an alternative way for me to accomplish the goal of not creating the cert locally, but still affixing it to the ADApplication?
Upvotes: 1
Views: 441
Reputation: 9401
Unfortunately, we cannot just use KeyVaultId and certificate name to upload a credential to an Azure AD application. You still need to get the value and other parameters of the certificate.
I understand why you want to do this. But uploading a certificate to an Azure AD application is also a new feature; I believe it will be better in the future. For now, we can just use the portal/PowerShell to upload a certificate from the local machine, and this needs some required parameters.
If this is important to you, you can post your idea in the Azure AD Feedback Forum; the Azure Team will see it. I will also upvote your post because I think it is a good idea too.
Upvotes: 1
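The answer's point that the certificate value and its other parameters still have to be supplied can be met without generating anything locally, by reading the public certificate back from Key Vault. The sketch below is an added example, not part of the original answer. It assumes the Az.KeyVault and AzureAD modules, an existing Key Vault certificate, and sessions already opened with Connect-AzAccount and Connect-AzureAD. The function name and the angle-bracket values are hypothetical placeholders.

```powershell
# Added example: attach the public half of a Key Vault certificate to an
# Azure AD application. The private key stays in Key Vault.
function Add-KeyVaultCertToAadApp {    # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $CertificateName,
        [Parameter(Mandatory)] [string] $AppObjectId
    )

    # Returns the certificate object; its .Certificate property is an X509Certificate2.
    $kvCert = Get-AzKeyVaultCertificate -VaultName $VaultName -Name $CertificateName
    if (-not $kvCert) {
        throw "Certificate '$CertificateName' not found in vault '$VaultName'."
    }
    $x509 = $kvCert.Certificate

    # Guard: only the public certificate should ever be sent to Azure AD.
    if ($x509.HasPrivateKey) {
        throw "Refusing to continue: certificate object carries a private key."
    }

    # Guard: do not register a certificate that is outside its validity window.
    $now = Get-Date
    if ($now -lt $x509.NotBefore -or $now -gt $x509.NotAfter) {
        throw "Certificate is not valid now ($($x509.NotBefore) to $($x509.NotAfter))."
    }

    # The "value and other parameters" the cmdlet requires, derived from the cert.
    $value      = [Convert]::ToBase64String($x509.GetRawCertData())
    $thumbprint = [Convert]::ToBase64String($x509.GetCertHash())

    New-AzureADApplicationKeyCredential -ObjectId $AppObjectId `
        -CustomKeyIdentifier $thumbprint `
        -Type AsymmetricX509Cert -Usage Verify `
        -Value $value `
        -StartDate $x509.NotBefore -EndDate $x509.NotAfter
}

# Usage (placeholder values):
# Add-KeyVaultCertToAadApp -VaultName '<vault-name>' `
#     -CertificateName '<certificate-name>' -AppObjectId '<application-object-id>'
```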