ksi*_*elo 2 certificate azure azure-keyvault
我正在尝试将证书从一个密钥保管库复制到另一个密钥保管库,而不将其保留在本地计算机上。我看起来 Azure KeyVault CLI 仅支持基于文件的证书导入,如下所示:
# download cert
az keyvault certificate download --file $certFileName --vault-name $sourceAkv -n $certName
# import cert
az keyvault certificate import --file $certFileName --vault-name $destAkv -n $certName
有什么方法可以传递对象或字符串吗?在 Azure Powershell 模块中,这是可能的:
Import-AzureKeyVaultCertificate -VaultName $DestinationVaultName -Name $CertificateName -CertificateString $secretText.SecretValueText
想法?
小智 6
我发现类似的东西可以在 PowerShell 中将证书和密钥导出为对象,然后将其导入到另一个 keyvault 中,而无需将其另存为临时 PFX 文件。
$CertName = 'mycert'
$SrcVault = 'mysourcekeyvault'
$DstVault = 'mydestinationkeyvault'
$cert = Get-AzKeyVaultCertificate -VaultName $SrcVault -Name $CertName
$secret = Get-AzKeyVaultSecret -VaultName $SrcVault -Name $cert.Name
$secretValueText = '';
$ssPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret.SecretValue)
try {
$secretValueText = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr)
}
finally {
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ssPtr)
}
$secretByte = [Convert]::FromBase64String($secretValueText)
$x509Cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
$x509Cert.Import($secretByte, "", "Exportable,PersistKeySet")
Import-AzKeyVaultCertificate -VaultName $DstVault -Name $CertName -CertificateCollection $x509Cert
| 归档时间: |
|
| 查看次数: |
5059 次 |
| 最近记录: |