Hi @Abby Greentree,
You are correct that the create_from_x509_certificate
method of the IoTHubDeviceClient
class expects an azure.iot.device.x509.X509
object, not a symmetric key.
If you want to use the x509 authentication method for the device identity, you will need to obtain the device certificate and private key in a format that can be used to create an azure.iot.device.x509.X509
object.
One way to do this is to use the Azure Identity Service APIs to obtain the certificate and private key in PEM format, which can be used to create an azure.iot.device.x509.X509
object.
Here is an example of how to do this:
from azure.identity import DefaultAzureCredential
from azure.keyvault.certificates import CertificateClient
from azure.iot.device.x509 import X509
# Retrieve the device certificate and private key from the certificate store
credential = DefaultAzureCredential()
certificate_client = CertificateClient("<your-key-vault-url>", credential)
certificate = certificate_client.get_certificate("<your-certificate-name>")
private_key = certificate_client.get_certificate_private_key("<your-certificate-name>")
# Convert the certificate and private key to PEM format
certificate_pem = certificate.cer.encode().decode()
private_key_pem = private_key.export_key().decode()
# Create an instance of X509 with the certificate and private key in PEM format
x509 = X509(cert=certificate_pem, key=private_key_pem)
# Create an instance of IoTHubDeviceClient with the connection string for your IoT Hub and X509Authentication instance
connection_string = "<your-iothub-connection-string>"
device_client = IoTHubDeviceClient.create_from_connection_string(connection_string, x509=x509)
In this example, we use the Azure Key Vault Python library to retrieve the device certificate and private key from the certificate store, but you could use any method you prefer to retrieve these values.
Note that the get_certificate
and get_certificate_private_key
methods of the CertificateClient
class return cryptography
objects, which need to be converted to PEM format using the encode
and export_key
methods, respectively.
I hope this helps!
We are more than happy to help you on this.
Please comment in the below section for further help!