Azure Key Vault provides auditable, RBAC-controlled access to Azure primitives such as secrets, which by default are usually a simple string: a password, a connection string or similar.
It's possible to store complete text files in secrets, which is useful if you want to store SSH keys and the like and still have all the benefits of Azure Key Vault.
To store a text file in an Azure Key Vault secret, use the Set-AzureKeyVaultSecret cmdlet and pass the contents of the file as a SecureString to the SecretValue parameter.
For example, the following PowerShell script will store the file rootCA.cer as a secret in the vault
To retrieve it, we can use a PSCredential object to convert the SecureString to plaintext and save it as a file.
You can then save it to the file system and have a certificate identical to the one that was uploaded
[PSCredential]::new("user",(Get-AzureKeyVaultSecret -Name rootca -VaultName MyKeyVault).SecretValue).GetNetworkCredential().Password | Out-File 'c:\test\retrieved.cer' -Encoding utf8
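A round trip of the two PowerShell steps above, as an added example (it is not the original post's script). The source path C:\test\rootCA.cer is an assumption; the vault name, secret name and target path are taken from the retrieval line above. It writes the retrieved text without the BOM and trailing newline that Out-File -Encoding utf8 adds in Windows PowerShell, then compares SHA-256 hashes to confirm the two files match.

```powershell
# Added example, not code from the original post.
# Assumes an authenticated session and the AzureRM-era cmdlets named on the page
# (the current Az module calls them Set-AzKeyVaultSecret / Get-AzKeyVaultSecret).
$vaultName  = 'MyKeyVault'              # from the page
$secretName = 'rootca'                  # from the page
$sourcePath = 'C:\test\rootCA.cer'      # assumed location of the file to store
$targetPath = 'C:\test\retrieved.cer'   # from the page

# Read the whole file as one string; -Raw preserves the original line breaks.
# This only works for text files (for example a Base64/PEM-encoded .cer).
$text = Get-Content -LiteralPath $sourcePath -Raw

# Key Vault secret values are limited to 25 KB, so fail early on larger files.
$byteCount = [System.Text.Encoding]::UTF8.GetByteCount($text)
if ($byteCount -gt 25KB) {
    throw "File is $byteCount bytes; a Key Vault secret holds at most 25 KB."
}

# Store: the SecretValue parameter expects a SecureString.
$secure = ConvertTo-SecureString -String $text -AsPlainText -Force
Set-AzureKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secure |
    Out-Null

# Retrieve: unwrap the SecureString through a PSCredential object.
$secret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $secretName
$plain  = [PSCredential]::new('user', $secret.SecretValue).GetNetworkCredential().Password

# Write UTF-8 with no BOM and no appended newline, so no bytes are added.
$utf8NoBom = [System.Text.UTF8Encoding]::new($false)
[System.IO.File]::WriteAllText($targetPath, $plain, $utf8NoBom)

# Verify the round trip byte for byte.
$before = (Get-FileHash -LiteralPath $sourcePath -Algorithm SHA256).Hash
$after  = (Get-FileHash -LiteralPath $targetPath -Algorithm SHA256).Hash
if ($before -ne $after) {
    throw "Round trip changed the file: $before (source) vs $after (retrieved)."
}
Write-Output "Round trip OK, SHA256 $after"
```

A hash mismatch usually means the source file was not plain ASCII/UTF-8 text without a BOM, for example a DER-encoded binary certificate.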
Azure CLI way
The entire operation is somewhat easier with the Azure CLI
To upload secret
To download secret
PS C:\>az keyvault secret download --name rootca --vault-name mykeyvault --file C:\test\retrieved.cer