Key Vault virtual machine extension for Linux - how to delete previous PEM file

Michal Orac 1 Reputation point

I have successfully installed the Key Vault virtual machine extension for Linux on Ubuntu 18.04 (Azure VM).
The certificate from KeyVault is imported in the default store /var/lib/waagent/Microsoft.Azure.KeyVault in PEM format.

How do I ensure that after importing a new version of the certificate, only the current one remains in the store and the old (invalid) is deleted?

This is the current state:
adminmox2@VM2:/var/lib/waagent/Microsoft.Azure.KeyVault$ ls

Thank you

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
769 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 24,231 Reputation points Microsoft Employee

    Hi @Michal Orac ,

    With Key Vault certificates you cannot just delete a specific version. You cannot do this for any object because Key Vault doesn't care if it is a certificate, key, or secret. If you delete a certificate it deletes it entirely and there is no workaround that I am aware of. Now when you create a new version of any object in Key Vault, the old one is still there but is invalid and no longer used. In your case the certificate versions have a thumbprint which designates them the current version and the certification will not be able to be used unless you download the version with the thumbprint.


    Let me know if this helps.

    If this answer was helpful, please consider marking as answer so that others in the community with similar searches can more easily find a solution.

    0 comments No comments