Hi @Moyer, Todd , you could try using BYOK specification. You can use the az keyvault key import
command with the --ops verify
option. This option specifies that the key can only be used for verifying signatures and not for encryption or decryption. Something like this:
az keyvault key import --vault-name MyKeyVault --name MyPublicKey --pem-file public_key.pem --ops verify
For Encryption Scopes or Key Wrapping with a RSA public key stored as a secret, unfortunately, it is not possible. Secrets in Azure Key Vault are designed to store small amounts of sensitive data, such as passwords, connection strings, and API keys. They do not support the advanced cryptographic operations that keys do, such as encryption scopes or key wrapping. If you need to perform these operations, you will need to use a key instead of a secret.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James