This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 38%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJT%3C/text%3E%3C/svg%3E)
I have an Azure App registration created to automate authentication to SharePoint online via a powershell command.
We log on to SPO using tenant ID, Client ID, and the thumprint of a certifiate loaded onto the client machine.
This certificate is stored with the Azure App Registration. I believe I want to move it into a key Vault for more protection.
Can a certificate used in an Azure App Registration be moved to an Azure Key Vault? If so what do you do with the cert that is in the Azure App Registration area? Delete it? Will the thumbprint change?
Is there a way to lock down an Azure App registration / Certificate in a key vault so that only certain scrips can use it (example: ExampleFileName.ps1?
What is the difference between Secrets and Certificates in Azure App Registration versus Certificate and Secrets in a Azure KeyVault?
No, a certificate used for an app registration must be added directly to the app registration, it cannot be in Key Vault.
However, the app registration only has the public key assigned to it, not the private key, so the security concerns around this should be minimal.
@Sam Cogan
Thank you.
When would I use app registration and when would I use Azure Key Vault?
Our ultimate goal here is to secure the secrets/certificates that we use to automate the logon to various Azure / Sharepoint services.
Am I thinking about this wrong?