Certificate-based Service Principal with Azure Key Vault

This is just a write-up based on my experience and the Azure documentation. I highly recommend starting by reading the Azure docs!

You can create a Service Principal using the Azure CLI or the Azure Portal.

Create an Azure Key Vault to store the credentials, and use RBAC to give yourself the permissions needed.

Create a Certificate for the new service principal in the key vault and attach it to the Service Principal.

Download the certificate from the key vault as a PFX file and convert it to PEM.

az keyvault secret download --file /path/to/cert.pfx --vault-name VaultName --name CertName --encoding base64
openssl pkcs12 -in /path/to/cert.pfx -passin pass: -out cert.pem -nodes

Run the following command to sign in with the service principal.

az login --service-principal -u <app-id> -p <password-or-cert> --tenant <tenant>
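
The `-nodes` conversion above writes the private key to disk unencrypted, so the PEM is worth checking before it is passed to the sign-in command. The following is an added example, not part of the original write-up or the Azure documentation; the function names are hypothetical. It converts under a restrictive umask and verifies that the PEM contains both the key and the certificate and is not readable by group or other.

```shell
#!/usr/bin/env bash
# Added example: safer PFX -> PEM conversion and a preflight check for the
# PEM used with `az login --service-principal`. Function names are hypothetical.

# Convert with umask 077 so the unencrypted key (-nodes) is created 0600
# instead of being tightened after the fact.
convert_pfx() {   # usage: convert_pfx /path/to/cert.pfx cert.pem
  ( umask 077 && openssl pkcs12 -in "$1" -passin pass: -out "$2" -nodes )
}

# True when the file holds both a private key block and a certificate block;
# certificate sign-in needs both in the same PEM file.
pem_has_key_and_cert() {
  grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" &&
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# True when group and other have no permission bits (e.g. 0600 or 0400).
pem_mode_private() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Combined preflight. Return codes: 0 ok, 1 missing file,
# 2 key or certificate absent, 3 permissions too open.
check_sp_pem() {
  if [ ! -f "$1" ]; then
    echo "missing: $1" >&2; return 1
  fi
  if ! pem_has_key_and_cert "$1"; then
    echo "private key and certificate must both be in $1" >&2; return 2
  fi
  if ! pem_mode_private "$1"; then
    echo "permissions too open on $1 (want 0600)" >&2; return 3
  fi
  return 0
}

# Typical use (commented out; requires the downloaded PFX):
#   convert_pfx /path/to/cert.pfx cert.pem && check_sp_pem cert.pem \
#     && rm -f /path/to/cert.pfx
```

Once the service principal can sign in, the downloaded PFX is no longer needed locally, since the key vault still holds the certificate.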