No, a certificate used for an app registration must be added directly to the app registration; it cannot be in Key Vault.
However, the app registration only has the public key assigned to it, not the private key, so the security concerns around this should be minimal.
Certificates: Azure App Registration versus Azure Key Vault
I have an Azure App registration created to automate authentication to SharePoint Online via a PowerShell command.
We log on to SPO using tenant ID, Client ID, and the thumbprint of a certificate loaded onto the client machine.
This certificate is stored with the Azure App Registration. I believe I want to move it into a Key Vault for more protection.
Can a certificate used in an Azure App Registration be moved to an Azure Key Vault? If so, what do you do with the cert that is in the Azure App Registration area? Delete it? Will the thumbprint change?
Is there a way to lock down an Azure App registration / Certificate in a Key Vault so that only certain scripts can use it (example: ExampleFileName.ps1)?
What is the difference between Secrets and Certificates in Azure App Registration versus Certificate and Secrets in an Azure Key Vault?
1 answer
Sam Cogan 10,742 Reputation points MVP
2022-03-01T17:17:53.867+00:00
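The following is an added example, not part of the answer above: a local check that a public-only `.cer` export (the kind of file uploaded to an app registration) carries no private key, and that its thumbprint is the SHA-1 hash of the certificate itself and so matches the copy in the client's certificate store. The subject name and file path are constructed for the demonstration, and it uses a throwaway self-signed certificate rather than the one from the question.

```powershell
# Added example: constructed throwaway certificate (subject and path are assumptions).
$cert = New-SelfSignedCertificate -Subject 'CN=spo-automation-demo' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddDays(1)

# Export only the public part of the certificate to a .cer file.
$cerPath = Join-Path $env:TEMP 'spo-automation-demo.cer'
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Load the exported file the way any consumer of the public certificate would.
$public = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)

# Recompute the thumbprint by hand: SHA-1 over the DER-encoded certificate bytes.
$sha1 = [System.Security.Cryptography.SHA1]::Create()
$computed = [System.BitConverter]::ToString($sha1.ComputeHash($public.RawData)) -replace '-', ''
$sha1.Dispose()

[pscustomobject]@{
    StoreThumbprint    = $cert.Thumbprint       # certificate on the client machine
    CerThumbprint      = $public.Thumbprint     # public-only export
    ComputedSha1       = $computed              # same value, derived from the raw bytes
    StoreHasPrivateKey = $cert.HasPrivateKey    # True: the client holds the private key
    CerHasPrivateKey   = $public.HasPrivateKey  # False: the export has no private key
} | Format-List

# Clean up the demo certificate, its private key, and the exported file.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
Remove-Item -Path $cerPath
```

All three thumbprint values are identical because the thumbprint is a hash of the certificate, not of where it is stored.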