'Can i use azure key vault to sign a jar file using jarsigner
I have a certificate in azure key vault which i don't want to import to the signing machine. instead i want to use that certificate to sign a jar file by authenticating to azure key vault or some other way. Is there any way to achieve this. Thanks in advance
Solution 1:[1]
KeyVault is just a provider to store secrets, keys and certificates. It does not offer any options to execute anything on it.
If you want to use the certificate you need to retrieve it:
$cert = Get-AzKeyVaultCertificate -VaultName $vaultName -Name $certName
$secret = Get-AzKeyVaultSecret -VaultName $vaultName -Name $cert.Name
$secretByte = [Convert]::FromBase64String(($secret.SecretValue | ConvertFrom-SecureString -AsPlainText))
# Write to a file
[System.IO.File]::WriteAllBytes("cert.pfx", $secretByte)
You could however execute the signing task as part of an Azure DevOps Pipeline or inside an Azure Container Instance. So, the Certificate will not be stored on your local device. But at some point the certificate need to leave the KeyVault to be worked with.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Julian Hüppauff |