I am trying to download the certificate secret from Azure Key Vault using the Az module, but it's giving an error.
# Fetch the certificate's secret value (the base64-encoded PFX) as a plain string
$pfxSecret = Get-AzKeyVaultSecret -VaultName "xxxx" -Name "xxxxxxx" -AsPlainText
$secretByte = [Convert]::FromBase64String($pfxSecret)
# Import the bytes as a certificate with an exportable private key
$x509Cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2
$x509Cert.Import($secretByte, $null, [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
$pfxFileByte = $x509Cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $password)
# Write to a file
[IO.File]::WriteAllBytes("KeyVaultcertificate.pfx", $pfxFileByte)
Below is the error:
Exception calling "Import" with "3" argument(s): "Cannot find the requested object.
"
At line:6 char:1
+ $x509Cert.Import($secretByte, $null, [Security.Cryptography.X509Certi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CryptographicException
Exception calling "Export" with "2" argument(s): "Invalid pointer
"
At line:7 char:1
+ $pfxFileByte = $x509Cert.Export([Security.Cryptography.X509Certificat ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CryptographicException
Exception calling "WriteAllBytes" with "2" argument(s): "Value cannot be null.
Parameter name: bytes"
At line:10 char:1
+ [IO.File]::WriteAllBytes("KeyVaultcertificate.pfx", $pfxFileByte)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentNullException
The one below gives a different error:
$kvSecret = Get-AzKeyVaultSecret -VaultName "xxxxxx" -Name "xxxxxx" -AsPlainText
$kvSecretBytes = [System.Convert]::FromBase64String($kvSecret.SecretValueText)
$jsonObject = [System.Text.Encoding]::UTF8.GetString($kvSecretBytes)
$customObject = ConvertFrom-Json $jsonObject
$pfxBytes = [System.Convert]::FromBase64String($customObject.data)
$certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certCollection.Import($pfxBytes,$customObject.password,[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
Error:
Exception calling "Import" with "3" argument(s): "The parameter is incorrect.
"
At line:14 char:1
+ $certCollection.Import($pfxBytes,$customObject.password,[System.Secur ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CryptographicException
The same logic is working fine with the AzureRM module.
$kvSecret = Get-AzureKeyVaultSecret -VaultName $keyVault -Name $keyVaultSecret
$kvSecretBytes = [System.Convert]::FromBase64String($kvSecret.SecretValueText)
$jsonObject = [System.Text.Encoding]::UTF8.GetString($kvSecretBytes)
$customObject = ConvertFrom-Json $jsonObject
$pfxBytes = [System.Convert]::FromBase64String($customObject.data)
$certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certCollection.Import($pfxBytes,$customObject.password,[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
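As an added example (not code from the original post or from the Az module), here is one function that turns a Key Vault certificate secret value into a password-protected PFX file and handles both shapes seen above: a raw base64 PKCS#12 blob, and a base64 JSON wrapper with `data`, `password` and `dataType` fields. It assumes the value was fetched with `Get-AzKeyVaultSecret ... -AsPlainText`, which in the Az module returns the secret as a plain string (so there is no `.SecretValueText` property on it); the function name `ConvertTo-PfxFile`, the JSON detection and the private-key check are my additions, and the vault and secret names in the usage lines are placeholders.

```powershell
# Added example: write a Key Vault certificate secret to a password-protected PFX.
# Assumes $SecretValue came from Get-AzKeyVaultSecret -AsPlainText (a plain string).
function ConvertTo-PfxFile {
    [CmdletBinding()]
    param(
        # Base64 PFX, or base64 of a JSON {data, password, dataType} wrapper
        [Parameter(Mandatory)] [string] $SecretValue,
        [Parameter(Mandatory)] [string] $OutFile,
        # Password that protects the PFX written to disk
        [Parameter(Mandatory)] [securestring] $ExportPassword
    )

    $bytes = [Convert]::FromBase64String($SecretValue)
    $importPassword = $null

    # Wrapper shape: the decoded bytes are UTF-8 JSON holding the real PFX.
    # Detect it by the leading '{' (0x7B) instead of guessing the format.
    if ($bytes.Length -gt 0 -and $bytes[0] -eq 0x7B) {
        $json = [Text.Encoding]::UTF8.GetString($bytes) | ConvertFrom-Json
        if ($json.dataType -and $json.dataType -ne 'pfx') {
            throw "Unsupported dataType '$($json.dataType)'; expected pfx."
        }
        $bytes          = [Convert]::FromBase64String($json.data)
        $importPassword = $json.password
    }

    # Exportable is required so the private key can be re-exported below.
    # The constructor throws a CryptographicException if $bytes is not PKCS#12
    # (for example PEM text), which stops the script here instead of carrying
    # an empty certificate object on into Export and WriteAllBytes.
    $flags = [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
    $cert  = [Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes, $importPassword, $flags)
    try {
        if (-not $cert.HasPrivateKey) {
            throw "Certificate $($cert.Thumbprint) has no private key; read the certificate's secret, not its public certificate object."
        }
        # Always export with a password; never leave an unprotected PFX on disk.
        $pfx = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $ExportPassword)
        [IO.File]::WriteAllBytes($OutFile, $pfx)
        return $cert.Thumbprint
    }
    finally {
        $cert.Dispose()
    }
}

# Usage (vault and secret names are placeholders):
# $secretValue = Get-AzKeyVaultSecret -VaultName 'my-vault' -Name 'my-cert' -AsPlainText
# $pfxPassword = Read-Host -AsSecureString 'PFX password'
# ConvertTo-PfxFile -SecretValue $secretValue -OutFile 'KeyVaultcertificate.pfx' -ExportPassword $pfxPassword
```

Two caveats worth checking before blaming the module: a certificate created in Key Vault with the PEM content type is stored as PEM text, not base64 PKCS#12, so the constructor above will throw and the bytes need to be handled as PEM instead; and because PowerShell keeps running after a failed method call by default, a failed `Import` leaves an empty certificate object behind, which is what produces the follow-on `Export` and `WriteAllBytes` errors in the first trace.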