Storing SSH & PGP Keys in Azure Key Vault

An unfortunate limitation of Azure Key Vault Keys is that the private key is never exportable: you can ask the service to sign, decrypt or unwrap with it, but you can never read the key material itself. That is the whole point of the Keys service, but it also means that if you’re using a 3rd party .NET library that expects to load the raw private key (an SSH client library or a PGP implementation, for example) the Keys service is of no use to you.

Note: You can’t copy and paste the file contents into the Azure portal directly, as the secret value field mangles the line breaks and the armored/PEM formatting that the key parsers depend on.

The workaround is to store the key files as Key Vault secrets, which are just strings, and read them back in code when you need them. Bear in mind that a secret is only as protected as its access control: anyone (or any app identity) with “get” permission on secrets in that vault can read your private key, so scope access policies or RBAC role assignments tightly, and remember that deleted secrets linger in soft-delete until purged.

There are plenty of out of date articles using the older AzureRm libraries, but it’s on the way out so here’s how to do it simply in PowerShell 7 using the newer Az libs.

If you haven’t already installed the Azure Az modules, run the command below.

Install-Module -Name Az -AllowClobber -Scope CurrentUser

Once you’ve got that installed you need to connect to your Azure tenant.

Connect-AzAccount

By default this opens a browser sign-in. If a browser isn’t available (or you add -UseDeviceAuthentication), you’ll instead be shown a device code to paste into the URL in the prompt to authenticate and connect.

Now, assuming you have your key files stored locally on your machine in one of the text formats (ppk, asc, PEM etc.), run the following command. The -Raw switch matters: without it Get-Content returns an array of lines and the file’s layout is lost, which is the same problem as pasting into the portal.

Set-AzKeyVaultSecret -VaultName my-key-vault-name -SecretName Key-MyKey-PGP-Src-Public -SecretValue (ConvertTo-SecureString (Get-Content C:\temp\MyKeyPGPPublic.asc -Raw) -force -AsPlainText)

If all goes to plan you should see your secret entry pop up in your Azure admin portal. I’ll post some more information on setting up ASP.NET Core projects to store the Client IDs and Client Secrets in the Key Vault soon.
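As an added example (not part of the original post), here is the same procedure as a script that checks the file looks like a text-format key and fits the Key Vault secret size limit before uploading, then reads the secret back and confirms it is byte-for-byte identical to the file, which is the check you want before deleting the local copy. It assumes Az.KeyVault is loaded, Connect-AzAccount has already been run, the caller has get/set permission on secrets in the vault, and that the -AsPlainText switch on Get-AzKeyVaultSecret is available (Az.KeyVault 2.x and later). The vault name, secret name and file paths are placeholders.

```powershell
# Added example: round-trip a PGP/SSH key file through a Key Vault secret.
# Assumes: Az.KeyVault loaded, Connect-AzAccount done, get/set secret permission.
# Vault name, secret name and paths are placeholders.
param(
    [string]$VaultName  = 'my-key-vault-name',
    [string]$SecretName = 'Key-MyKey-PGP-Src-Public',
    [string]$KeyFile    = 'C:\temp\MyKeyPGPPublic.asc',
    [string]$RestoreTo  = 'C:\temp\MyKeyPGPPublic.restored.asc'
)

$ErrorActionPreference = 'Stop'

# -Raw keeps the file as a single string with its original line endings.
# Without it Get-Content returns an array of lines and the armor/PEM layout is lost.
$original = Get-Content -Path $KeyFile -Raw

# Only text formats survive as a string secret; a binary .gpg/.pgp export will not.
$looksLikeKey = ($original -match '^-----BEGIN [A-Z ]+-----') -or
                ($original -match '^PuTTY-User-Key-File-\d')
if (-not $looksLikeKey) {
    throw "$KeyFile does not look like an armored PGP, PEM or PuTTY key file"
}

# Key Vault secret values are limited to 25 KB, so a whole keyring will not fit.
$bytes = [System.Text.Encoding]::UTF8.GetByteCount($original)
if ($bytes -gt 25KB) {
    throw "Secret would be $bytes bytes; Key Vault secrets must be 25 KB or smaller"
}

$secure = ConvertTo-SecureString -String $original -AsPlainText -Force

# ContentType and tags are free-form metadata that make it obvious later
# what the secret holds without anyone having to read the value.
Set-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -SecretValue $secure `
    -ContentType 'application/pgp-keys' `
    -Tag @{ source = (Split-Path -Path $KeyFile -Leaf) } | Out-Null

# Read it straight back as plain text (-AsPlainText: Az.KeyVault 2.x and later).
$roundTrip = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -AsPlainText

# -cne is a case-sensitive comparison, so any mangled line or character fails here.
if ($roundTrip -cne $original) {
    throw "Secret $SecretName does not match $KeyFile after round trip"
}

# WriteAllText avoids the trailing newline Set-Content would otherwise append.
[System.IO.File]::WriteAllText($RestoreTo, $roundTrip)
Write-Host "Stored and verified $SecretName ($bytes bytes); copy written to $RestoreTo"
```

Run it with the defaults or pass -VaultName, -SecretName and -KeyFile for each key you want to store. The same Get-AzKeyVaultSecret … -AsPlainText call is what your application code (or a deployment script) uses to pull the key back out and hand it to the library that needs it; write it to disk only when that library insists on a file path.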
