When was the last time you tried to upload a certificate to the Azure Key Vault? At the time of writing, you can’t from the portal.
Good news, you can using PowerShell. Below will guide you how to upload a private key certificate to Azure Key Vault:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|### Log into Azure|
|$Subscription = (Get-AzureRmSubscription | Out-GridView –Title "Choose a Source & Target Subscription …" –PassThru)|
|Select-AzureRmSubscription –SubscriptionId $Subscription.Id|
|# Upload Certificate to Azure's Key Vault|
|$securepfxpwd = ConvertTo-SecureString –String 'password' –AsPlainText –Force # Password for the private key PFX certificate|
|$certificateName = 'My-Cert'|
|$vaultName = 'MyVault'|
|$cer = Import-AzureKeyVaultCertificate –VaultName $vaultName –Name $certificateName –FilePath 'C:\My-Cert.pfx' –Password $securepfxpwd|
Did you happen to notice if your PFX password still worked when trying to download the secret afterward? It doesn’t. They strip out the value after you upload it. The PFX Import manager will only accept a null value as valid, I lost a couple of nights trying to figure this out.