how do Iupload an SSH private key to Key Vault

Question

Azure VMs can use the Bastion Service now with a private key from an azure key vault stored as a secret. I'm not sure why they don't use the Key feature of Key Vault. It appears that they want the SSH private key stored as a secret.

I have tried cutting and pasting my private key starting with the text "-----BEGIN RSA PRIVATE KEY-----" as a secret value yet when I try to use that secret with Azure Bastion service to connect to my linux VM, it is telling me that the SSH key seems to be formatted incorrectly.

If I look at the secret value, it appears to start with the text "-----BEGIN RSA PRIVATE KEY-----" and end with the text "-----END RSA PRIVATE KEY-----"

I see no directions on how to properly upload an SSH private key to Azure Key vault as a secret. The instructions they do document for Bastion only show how to use the already uploaded SSH key.

Can someone tell me or point me in the correct direction to documentation on how to properly upload a .pem file as a Key Vault secret. Also, I'd like to know why the Bastion service uses Secrets instead of Keys in the Azure Key Vault service. This seems wrong.

Answer 1

Hi John,

Try uploading your private SSH key using az keyvault secret set:

https://itprovssoftware.wordpress.com/2018/03/18/storing-your-private-ssh-key-in-azure-key-vault/

---

If this is helpful please accept answer.

Answer 2

any method uploading from azure portal?