Certificate-based Service Principal with Azure Key Vault
This is just a write-up based on my experience and the Azure documentation. I highly recommend starting by reading the Azure docs!
You can create a Service Principal using the Azure CLI or the Azure Portal.
Create an Azure Key Vault to store the credentials, and use RBAC to give yourself the permissions needed.
Create a Certificate for the new service principal in the key vault and attach it to the Service Principal.
Download the certificate from the key vault as a PFX file and convert it to PEM.
az keyvault secret download --file /path/to/cert.pfx --vault-name VaultName --name CertName --encoding base64
openssl pkcs12 -in /path/to/cert.pfx -passin pass: -out /path/to/cert.pem -nodes
Run the following command to sign in with the service principal, passing the path to the converted cert.pem as the -p value.
az login --service-principal -u <app-id> -p <password-or-cert> --tenant <tenant>
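The -nodes flag in the convert step writes the private key to disk unencrypted. The following is an added example, not part of the original write-up, that performs the same conversion but creates the PEM readable only by its owner and checks that it holds a private key matching the certificate before it is used for az login. The function name pfx_to_pem is hypothetical, and the PFX is assumed to have an empty password as in the command above.

```shell
#!/usr/bin/env bash
# Added example (not from the original write-up); pfx_to_pem is a hypothetical helper.
# Usage: pfx_to_pem <in.pfx> <out.pem>
pfx_to_pem() {
    pfx_in=$1
    pem_out=$2
    [ -s "$pfx_in" ] || { echo "missing or empty PFX: $pfx_in" >&2; return 1; }

    # Remove any stale file so its old (possibly lax) mode is not inherited.
    rm -f "$pem_out"

    # -nodes writes the private key unencrypted, so create the file under
    # umask 077 (mode 0600). The subshell keeps the umask change local.
    if ! ( umask 077 && openssl pkcs12 -in "$pfx_in" -passin pass: \
               -out "$pem_out" -nodes ); then
        echo "PFX conversion failed" >&2
        rm -f "$pem_out"
        return 1
    fi

    # The PEM must hold both the certificate and its private key.
    # Derive the public key from each; the two must be identical.
    cert_pub=$(openssl x509 -in "$pem_out" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem_out" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "PEM lacks a private key matching the certificate" >&2
        rm -f "$pem_out"
        return 1
    fi

    # Print the certificate's SHA-1 fingerprint so it can be compared with
    # the thumbprint of the certificate attached to the service principal.
    openssl x509 -in "$pem_out" -noout -fingerprint -sha1
}

# Allow use as a script: ./pfx_to_pem.sh /path/to/cert.pfx /path/to/cert.pem
if [ "$#" -eq 2 ]; then
    pfx_to_pem "$1" "$2"
fi
```

Delete the intermediate PFX once the PEM has been verified, since it carries the same private key with an empty password.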