如果
pfxnew X509Certificate2(certificateFilePath, certificatePassword);
但是如何为存储在 Azure Keyvault 中的证书构建
X509Certificate2ClientIdClientSecret我创建了这个
AzureKeyvaultHelperusing System;
using System.Security.Cryptography.X509Certificates;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
namespace AzureUtils
{
public class AzureKeyvaultHelper
{
private readonly string _tenantId;
private readonly string _clientId;
private readonly string _clientSecret;
public AzureKeyvaultHelper(string tenantId, string clientId, string clientSecret)
{
_clientId = clientId;
_clientSecret = clientSecret;
_tenantId = tenantId;
}
public X509Certificate2 GetCertificate(string vaultName, string certName)
{
ClientSecretCredential credentials = new ClientSecretCredential(_tenantId, _clientId, _clientSecret);
var client = new SecretClient(new Uri(vaultName), credentials);
KeyVaultSecret secret = client.GetSecret(certName);
byte[] certificate = Convert.FromBase64String(secret.Value);
X509Certificate2 x509 = new X509Certificate2(certificate);
return x509;
}
}
}
基本上,你需要
Azure.IdentityAzure.Security.KeyVault.SecretsSecretClientAzure.Security.KeyVault.Secrets完全获取证书(包括
*.pfxclient.GetCertificateclient.GetSecretGetCertificate要传入的
vaultNamehttps://yourcustomname.vault.azure.netcertName于 2021 年 6 月 16 日在 v4.2.0 中添加了对
Azure.Security.KeyVault.CertificatesAzure.Security.KeyVault.Certificates 4.2.0 中添加了函数CertificateClient.DownloadCertificate 和CertificateClient.DownloadCertificateAsync。
https://learn.microsoft.com/en-us/samples/azure/azure-sdk-for-net/get-certificate-private-key/