Sisir Patnaik
Reputation: 53
What is the best alternative to renew a certificate stored in Azure Key Vault?
I want to renew the certificate and update the certificate in AKS using kubectl commands. What is the best and easy way to do this?
I have used KQL query and have managed to create an alert based on certificate expiry. Now I want actions based on this alert. I don't want to use Logic Apps or Event grid for this
- Create an Azure DevOps pipeline and schedule it which will run few commands to query(Query Alert task seems to be agentless) the alerts and update the certificate.
- Trigger an Azure Function based on the alert and run powershell commands inside Azure Function to update the certificate.
- Is there any better way to do this?
Upvotes: 0
Views: 382
Answers (1)
joelforsyth
Reputation: 1041
PowerShell is definitely the easiest way to do this. To add an existing cert to KeyVault you can use this script and modify to your needs.
$securePassword = ConvertTo-SecureString -String $certPassword -Force -AsPlainText
$cert = Import-AzKeyVaultCertificate -VaultName $keyVaultName -Name $certName -FilePath $certFilePath -Password $securePassword
This will create a new version of the cert with the same name in the key vault. As long as you don't reference the specific version when retrieving from KeyVault, it will return the latest.
Upvotes: 1
Related Questions
- Is there a way to regenerate the secret used to access a Key Vault?
- Need recommendation on updating secrets to KeyVault
- KeyVault certificate renew RSA key pair
- How to auto renew SSL certificates in Azure Key Vault with sslforfee after 90 days?
- Azure Key Vault - How to update the secrets
- Azure CLI or PowerShell command to create new version of a certificate in keyvault
- Renewing - Azure App Service SSL Certificate
- Azure Key Vault Protecting Certificate
- How do you manually renew a certificate in AzureKeyValut
- How to renew SSL certificate on an Azure Cloud Service?