abautista

Reputation: 2780

How to store a private key in Azure Keyvault?

I am trying to store a private key as a secret in the Azure Keyvault through the Azure portal but when I retrieve the value, I see it's modified (additional spaces are added). I also tried to add the secret through the az cli as follows:

$file = get-content C:\Dev\private.key

az keyvault secret set --name private_key --value $file --vault-name testing-kv

But I encountered the following error:

unrecognized arguments: MIIEXXXXXXX...

Only the -----BEGIN PRIVATE KEY----- part of the private key is recognized but the rest isn't.

I also looked at the post "Store Private Key into Azure KeyVault, value got changed", and the solution indicates to convert the private key to a secure string and upload the encoded value to the key vault:

$secretvalue = ConvertTo-SecureString 'C:\Dev\private.key' -AsPlainText -Force

az keyvault secret set --name private_key --value $secretValue

But this didn't work because it stores the string [System.Secure.String] in the keyvault.

How can I store this private key in its integrity into the keyvault?

Upvotes: 4

Views: 11642

Answers (1)

abautista

Reputation: 2780

I had to run in PowerShell:

az login

az account set --subscription mysub

Go to the folder where you have the private cert and type:

az keyvault secret set --name mynewkey --vault-name test-kv --file .\private.key

This command reads the private key from a file and stores it in the keyvault without any modification.

Upvotes: 13
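
The upload from the answer with a round-trip integrity check, as an added example that is not part of the original answer. The vault, secret and file names are the ones used in the answer; the temporary download path and the hash comparison are assumptions added for illustration.

```powershell
# Names taken from the answer above; adjust them to your environment.
$vault   = 'test-kv'
$secret  = 'mynewkey'
$keyFile = (Resolve-Path '.\private.key').Path

# Why '--value $file' failed in the question: Get-Content returns one string
# per line, and PowerShell hands each array element to az as a separate argument.
$lines = Get-Content $keyFile
Write-Host "Get-Content returned $($lines.Count) separate strings"

# Upload straight from the file so the shell never splits or re-quotes the PEM text.
# '--output none' keeps the secret value out of the console and any transcript.
az keyvault secret set --name $secret --vault-name $vault --file $keyFile --output none
if ($LASTEXITCODE -ne 0) { throw 'Upload failed' }

# Round-trip check: download to a path that does not exist yet (assumed temp
# location) and compare SHA-256 hashes of the local and retrieved files.
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
try {
    az keyvault secret download --name $secret --vault-name $vault --file $tmp
    if ($LASTEXITCODE -ne 0) { throw 'Download failed' }

    $localHash  = (Get-FileHash $keyFile -Algorithm SHA256).Hash
    $storedHash = (Get-FileHash $tmp -Algorithm SHA256).Hash

    if ($localHash -eq $storedHash) {
        Write-Host "Match: stored secret is identical to $keyFile"
    } else {
        Write-Warning 'Mismatch: stored secret differs from the local key file'
    }
}
finally {
    # Do not leave a second copy of the private key on disk.
    if (Test-Path $tmp) { Remove-Item $tmp -Force }
}
```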
