Using Azure Automation and creating an X509Certificate2 object from a certificate

Kenneth Huddleston 145 Reputation points
2023-04-06T15:29:27.3533333+00:00

I am attempting to use a certificate that I have loaded into my automation account to authenticate with Google Sheets API via a service account. This is being done in a PowerShell runbook. The certificate is being retrieved with this command: ``

$cert = (Get-AutomationCertificate -Name 'service-account-cert')

Once I have the certificate, I am attempting to create an instance of X509Certificate2 using the following command:
`

New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cert, $cert_pswd,[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable )

This script 'works' locally, but fails in azure automation. My hypothesis is the reason for the failure is because 'locally' my cert is represented by a filepath "C:/cert_file_path.pfx". In the sandbox environment, however, Azure seems to be representing the cert itself, which could lead to this error? How do I declare an X509Certificate2 object in an azure automation sandbox environment using a 'shared credential' from the automation account?

Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,140 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,137 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Maxim Sergeev 6,566 Reputation points Microsoft Employee
    2023-04-07T00:18:41.06+00:00

    Hi there, It seems you need to temporary store the certificate by using the following recommendation https://learn.microsoft.com/en-us/azure/automation/automation-runbook-execution#temporary-storage-in-a-sandbox

    0 comments No comments