In my Azure App Service, which runs a net472 web app, I access a certificate from Key Vault as follows:

var certSecret = await kvClient.GetSecretAsync(kvName, secretName);

I then need to send the certificate to authenticate to an external service:

var cert = new X509Certificate2(Convert.FromBase64String(certSecret.Value));

This line throws an error:

System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

   at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData)
1 Answer

Try to get the secret as below:

var certSecret = await kvClient.GetSecretAsync(vaultBaseUrl, secretName);

You could retrieve certSecret.Value to check whether it has a value, then pass it to the X509Certificate2 constructor that specifies the X509KeyStorageFlags storage flags.

X509Certificate2 x509 = new X509Certificate2(Convert.FromBase64String(certSecret.Value), string.Empty, X509KeyStorageFlags.MachineKeySet);
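
An added example (not the asker's or the answerer's code) that wraps the load suggested in the answer above: it checks the secret before decoding, imports it with X509KeyStorageFlags.MachineKeySet, and confirms the private key needed for client authentication is present. The KeyVaultCertLoader class, its Load method and the self-signed sample PFX are constructed for illustration; it assumes .NET Framework 4.7.2 on Windows and a PFX secret with an empty password.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class KeyVaultCertLoader // hypothetical helper, not part of any SDK
{
    const string PfxContentType = "application/x-pkcs12"; // content type of a PFX-backed secret

    // secretValue / contentType correspond to certSecret.Value / certSecret.ContentType.
    public static X509Certificate2 Load(string secretValue, string contentType)
    {
        if (string.IsNullOrWhiteSpace(secretValue))
            throw new ArgumentException("Key Vault secret is empty.", nameof(secretValue));
        if (!string.Equals(contentType, PfxContentType, StringComparison.OrdinalIgnoreCase))
            throw new NotSupportedException("Expected a PFX secret, got: " + contentType);

        byte[] pfx = Convert.FromBase64String(secretValue);
        try
        {
            // MachineKeySet: the private key container does not depend on a loaded user profile.
            var cert = new X509Certificate2(pfx, string.Empty, X509KeyStorageFlags.MachineKeySet);
            if (cert.HasPrivateKey) return cert;
            cert.Dispose();
            throw new CryptographicException("Certificate has no private key.");
        }
        finally
        {
            Array.Clear(pfx, 0, pfx.Length); // clear the decoded PFX buffer once imported
        }
    }

    static void Main()
    {
        // Constructed sample input: a throwaway self-signed PFX standing in for the secret.
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-sample", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var selfSigned = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                string secretValue = Convert.ToBase64String(selfSigned.Export(X509ContentType.Pfx));
                using (var cert = Load(secretValue, PfxContentType))
                    Console.WriteLine(cert.Subject + " hasPrivateKey=" + cert.HasPrivateKey);
            }
        }
    }
}
```

Dispose the returned certificate when the call to the external service is done, so the imported key does not outlive its use.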