Reputation: 1
Is there a way to import a .pem format public key (starting with -----BEGIN PUBLIC KEY----- and ending with -----END PUBLIC KEY-----) into the Azure key vault in Python?
Ideally, the import_key() method takes the JsonWebKey format to import an RSA public key. Is there a way to convert a .pem format public key into a JsonWebKey object to be passed into the import_key SDK call? Our use case is that we need to import an externally generated RSA public key into the Azure key vault.
Is there a Python module to convert a .pem format into a JsonWebKey object that can be passed to the import_key method of Azure key vault?
Upvotes: 0
Views: 1069
Reputation: 753
I tried to import a PEM format public key using the import_key API of Azure Key Vault using Python.
I have created the key vault as shown below.
I have two certificates, in .pfx and .cer format.
I have followed the below script to import a public key using the import_key API. I have taken this script from this GitHub URL and changed it as per my requirement.
```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.certificates import (
    CertificateClient,
    CertificateContentType,
    CertificatePolicy,
    WellKnownIssuerNames,
)

# Authenticate with whatever credential the environment provides
credential = DefaultAzureCredential()
client = CertificateClient(vault_url="https://keyhttpfrontdoor.vault.azure.net/", credential=credential)

# Import a PKCS#12 (.pfx) certificate; this is the default content type
pfx_cert_name = "newcert.pfx"
with open("C:\\Users\\v-kannem\\Desktop\\newcert123.pfx", "rb") as f:
    pfx_cert_bytes = f.read()
imported_pfx_cert = client.import_certificate(certificate_name=pfx_cert_name, certificate_bytes=pfx_cert_bytes)
print("PFX certificate '{}' imported successfully.".format(imported_pfx_cert.name))

# Import a PEM-formatted certificate; the policy must state the PEM content type
pem_cert_name = "komaalinewcert.cer"
pem_cert_path = "<path-to-pem-certificate>"  # placeholder: the path was left empty in the original post
with open(pem_cert_path, "rb") as f:
    pem_cert_bytes = f.read()
pem_cert_policy = CertificatePolicy(issuer_name=WellKnownIssuerNames.self, content_type=CertificateContentType.pem)
imported_pem_cert = client.import_certificate(
    certificate_name=pem_cert_name, certificate_bytes=pem_cert_bytes, policy=pem_cert_policy
)
print("PEM-formatted certificate '{}' imported successfully.".format(imported_pem_cert.name))
```
And then this can be converted using `jwk = pubKey.getJwk()`, which will return the JWK in the most compact JSON format possible.
For importing and exporting the certificates, please use the below script.
For downloading the certificates, use these PowerShell commands.
NOTE:
Azure Key Vault only supports asymmetric key pairs. We can't import a public key as a keyvault; it will say that the file does not contain a private key. If we want to import a public key, we have to do it as a secret, and for that we have to create the secrets in the key vault.
Upvotes: 0