AzureStack-QuickStart-Templ.../201-vm-windows-pushcertificate
Deepa Thomas 9392d98c0c Fix AzureStack QuickStartTemplates' Storage account resources to use … (#428)
* Fix AzureStack QuickStartTemplates' Storage account resources to use sku and kind - round2

* Fix AzureStack QuickStartTemplates' Storage account resources to use sku and kind - round3

* Proxy resources don't need to specify api version anymore as the bug is fixed, so remove the api version
2019-04-08 16:25:48 -07:00
README.md Adding KV templates (#288) 2017-08-25 13:06:57 -07:00
azuredeploy.json Fix AzureStack QuickStartTemplates' Storage account resources to use … (#428) 2019-04-08 16:25:48 -07:00
azuredeploy.parameters.json Adding KV templates (#288) 2017-08-25 13:06:57 -07:00
metadata.json Adding 2 templates that use managed disks and updating the updated date (#399) 2018-11-07 10:45:44 -08:00

README.md

Push a certificate onto a VM

Push a certificate onto a VM. Pass in the URL of the secret in Key Vault.

Prerequisites: you need a certificate. A self-signed test certificate can be created by following this guide: https://msdn.microsoft.com/en-us/library/ff699202.aspx

Follow these steps to upload the certificate into the Key Vault as a secret:

  1. Base64-encode the certificate file

  2. Paste the base64 value into the data field of this JSON object

    {
        "data": "<Base64-encoded-file>",
        "dataType": "<file-format: pfx or cer>",
        "password": "<pfx-file-password>"
    }
    
  3. Base64-encode the above JSON object

  4. Convert the base64 value into a secure string

    $secret = ConvertTo-SecureString -String '<Base64-encoded-JSON>' -AsPlainText -Force

  5. Then use the secure string value for the SecretValue in this cmdlet

    Set-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' -SecretValue $secret

The following PowerShell script automates these steps:

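# Step 1: read the certificate file and Base64-encode it
$fileName = "C:\Users\kasing\Desktop\KayTest.pfx"
# -Encoding Byte is Windows PowerShell syntax; PowerShell 6+ uses -AsByteStream instead
$fileContentBytes = Get-Content $fileName -Encoding Byte
$fileContentEncoded = [System.Convert]::ToBase64String($fileContentBytes)

# Step 2: build the JSON object; replace <fill-in> with the PFX password
$jsonObject = @"
{
    "data": "$fileContentEncoded",
    "dataType": "pfx",
    "password": "<fill-in>"
}
"@

# Step 3: Base64-encode the JSON object
$jsonObjectBytes = [System.Text.Encoding]::UTF8.GetBytes($jsonObject)
$jsonEncoded = [System.Convert]::ToBase64String($jsonObjectBytes)

# Steps 4 and 5: wrap the value in a SecureString and store it as a Key Vault secret
$secret = ConvertTo-SecureString -String $jsonEncoded -AsPlainText -Force
Set-AzureKeyVaultSecret -VaultName kayvault -Name testkay -SecretValue $secret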
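
A pre-upload check for the secret value built in the steps above, added here as an example and not part of the original README or the template's own code. It goes slightly beyond the script by building the JSON object with ConvertTo-Json so that a password containing a quote or backslash is escaped. The function name `Test-CertificateSecretEnvelope`, the sample certificate and the sample password are hypothetical, and the sample assumes a Windows host where `New-SelfSignedCertificate` is available.

```powershell
# Added example; Test-CertificateSecretEnvelope and all sample values are hypothetical.
function Test-CertificateSecretEnvelope {
    param([Parameter(Mandatory)] [string] $EncodedSecret)   # base64 string from step 3

    # Outer layer: base64 -> UTF-8 JSON. ConvertFrom-Json throws on malformed JSON,
    # for example when a password containing " was pasted into a here-string unescaped.
    $json     = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($EncodedSecret))
    $envelope = $json | ConvertFrom-Json

    foreach ($field in 'data', 'dataType') {
        if ([string]::IsNullOrEmpty($envelope.$field)) { throw "Envelope field '$field' is missing or empty." }
    }
    if ($envelope.dataType -notin 'pfx', 'cer') {
        throw "dataType must be 'pfx' or 'cer', got '$($envelope.dataType)'."
    }

    # Inner layer: base64 -> certificate bytes. Opening the file proves the stored password matches it.
    $bytes = [System.Convert]::FromBase64String($envelope.data)
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes, [string]$envelope.password)
    try {
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
        }
    } finally { $cert.Reset() }   # release the certificate handle
}

# Constructed sample input: a throwaway self-signed certificate and an awkward password.
$pfxPassword = 'p"ss\word'
$testCert = New-SelfSignedCertificate -DnsName 'pushcert.example.test' -CertStoreLocation Cert:\CurrentUser\My
$pfxBytes = $testCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $pfxPassword)
Remove-Item -Path $testCert.PSPath -DeleteKey   # remove the throwaway certificate and its key

# ConvertTo-Json escapes the quote and backslash that a here-string would leave raw.
$jsonObject = [ordered]@{
    data     = [System.Convert]::ToBase64String($pfxBytes)
    dataType = 'pfx'
    password = $pfxPassword
} | ConvertTo-Json
$jsonEncoded = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($jsonObject))

# Run the check before calling Set-AzureKeyVaultSecret with this value.
Test-CertificateSecretEnvelope -EncodedSecret $jsonEncoded
```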