Add-PFXasKeyVaultSecret.ps1
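<#
.SYNOPSIS
Converts a .pfx certificate file to base64 and stores it, together with its password, as secrets in an Azure Key Vault.
.DESCRIPTION
This script is intended to be run from PowerShell in your current AzContext, or inside Azure DevOps, for ARM templates that need the certificate as a base64 string. The deployment can then pull the values from the Key Vault.

Two secrets are written to the vault:
  pfxCertificateBase64   - the base64-encoded bytes of the PFX file
  pfxCertificatePassword - the password protecting the PFX

Security notes:
  - The private key material and its password end up side by side in the same vault. Any identity
    that can read secrets from this vault can reconstruct the private key, so scope the vault's
    access policy / RBAC assignments to the deployment identity only.
  - The base64 string exists as plain text in process memory while the script runs; the password
    stays a SecureString from prompt/parameter through to the vault call.
  - If the consumer can reference a Key Vault certificate object rather than a raw base64 secret,
    importing the PFX as a certificate (Import-AzKeyVaultCertificate) avoids keeping the password
    as a separate secret.
.PARAMETER keyVaultName
Name of the Key Vault that receives the two secrets.
.PARAMETER pfxFile
Path to the .pfx file to upload.
.PARAMETER pfxPassword
Password of the PFX as a SecureString. When omitted, the script prompts for it.
.EXAMPLE
.\Add-PFXAsKeyVaultSecret.ps1 -keyVaultName keyvault01 -pfxFile c:\temp\certificate.pfx
Prompts for the PFX password and uploads both secrets.
.EXAMPLE
.\Add-PFXAsKeyVaultSecret.ps1 -keyVaultName keyvault01 -pfxFile c:\temp\certificate.pfx -pfxPassword (Read-Host -AsSecureString)
.NOTES
Created by RBNMK
#>
param(
    [Parameter(Mandatory = $True)][string]$keyVaultName,
    [Parameter(Mandatory = $True)][string]$pfxFile,
    [Parameter(Mandatory = $False)][securestring]$pfxPassword
)

# Read the PFX as raw bytes.
# ReadAllBytes is used instead of 'Get-Content -Encoding Byte' because that encoding value is not
# accepted by PowerShell 6+; the .NET call behaves the same on Windows PowerShell and PowerShell 7.
# The path is resolved first because .NET does not follow PowerShell's current location.
try {
    $pfxPath = (Resolve-Path -LiteralPath $pfxFile -ErrorAction Stop).ProviderPath
    $pfxBytes = [System.IO.File]::ReadAllBytes($pfxPath)
}
catch {
    Write-Warning "$($_.Exception.Message)"
    # 'return' rather than 'break': a bare 'break' outside a loop can unwind into the caller's loop.
    return
}

if ($pfxBytes.Length -eq 0) {
    Write-Warning "The PFX file '$pfxFile' is empty; nothing was uploaded."
    return
}

if (!$pfxPassword) { $pfxPassword = Read-Host -AsSecureString -Prompt "Please enter the PFX password" }

# Set-AzKeyVaultSecret only accepts a SecureString, so the base64 text has to be wrapped.
$base64 = [System.Convert]::ToBase64String($pfxBytes)
$certificateSecretValue = ConvertTo-SecureString -String $base64 -AsPlainText -Force

# $pfxPassword is already a SecureString and is passed through unchanged. Feeding it to
# 'ConvertTo-SecureString -AsPlainText' would stringify the object and store the literal type name
# ("System.Security.SecureString") in the vault instead of the real password.
$passwordSecretValue = $pfxPassword

# Add the values to the Key Vault. Splatting keeps each call on explicit lines without relying on
# trailing backticks, which silently merge with the next statement when a blank line goes missing.
$certificateSecretArgs = @{
    VaultName   = $keyVaultName
    Name        = 'pfxCertificateBase64'
    SecretValue = $certificateSecretValue
    ErrorAction = 'Stop'
}
try {
    $secret = Set-AzKeyVaultSecret @certificateSecretArgs
    Write-Host "Successfully added $($secret.Name) to Keyvault: $keyVaultName" -ForegroundColor Green
}
catch {
    Write-Warning "$($_.Exception.Message)"
    return
}

$passwordSecretArgs = @{
    VaultName   = $keyVaultName
    Name        = 'pfxCertificatePassword'
    SecretValue = $passwordSecretValue
    ErrorAction = 'Stop'
}
try {
    $secret2 = Set-AzKeyVaultSecret @passwordSecretArgs
    Write-Host "Successfully added $($secret2.Name) to Keyvault: $keyVaultName" -ForegroundColor Green
}
catch {
    # The certificate secret was already written at this point; only the password upload failed.
    Write-Warning "$($_.Exception.Message)"
    return
}

Write-Host "Script completed" -ForegroundColor Green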