Get a certificate from Azure Key Vault in Logic App

Question

I have a certificate stored in my Azure Key Vault. I need to create a logic app in the same subscription to use this certificate to authenticate with an Azure App Service web API end point, using AAD. How do I retrieve the certificate from the logic app? I am hoping I can get it directly from the logic app somehow without having to download it locally and re-upload to the Logic App.

Answer 1

If you are adverse to API usage you need to store it as a multi-line secret in PEM format. Then get the secret.

This can mean needing to password protect a bundle post retrieval, another secret.

Decide which solution is less of a hassle.

Answer 2

Store your certificates in Key Vault, but if you want to use in a Logic App, the built-in Key Vault actions won't help. You have to resort to HTTP calls to the REST API!

Answer 3

You could call the REST API - Get Certificate in the logic app to retrieve the certificate, follow the steps below.

1.Enable system-assigned identity of the logic app in Azure portal

2.Navigate to the Access policies of your keyvault, add the system-assigned identity to it with the correct Certificate Permissions, follow this doc.

3.In the logic app, use the HTTP operation like below.