Showing posts from May, 2019

Fetching a Private Key From An Azure Key Vault Certificate

If you create a private certificate in Azure Key Vault and use the fancy features like auto rotation, you might like to be able to fetch the private key from the vault and rehydrate it as a X509Certificate2 class in your C# code. Here is how you do that: KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken)); var certificateBundle = await keyVaultClient.GetCertificateAsync(certificateIdentifier); var certficiateSecret = await keyVaultClient.GetSecretAsync(certificateBundle.SecretIdentifier.Identifier); byte[] certificateDecoded = Convert.FromBase64String(certficiateSecret.Value); var certificate = new X509Certificate2(certificateDecoded, password: ""); The Certificate Bundle passed back from the  GetCertificateAsync call has a .Cer property, however that is just the bytes for the pubic key, if you do this: var publicCertificate = new X509Certificate2( certificateBundle.Cer ); The X509Certificate2 instance will onl