
What is the best alternative to renew a certificate stored in Azure Key Vault?

I want to renew the certificate and update the certificate in AKS using kubectl commands. What is the best and easiest way to do this?

I have used a KQL query and have managed to create an alert based on certificate expiry. Now I want actions based on this alert. I don't want to use Logic Apps or Event Grid for this.

  1. Create an Azure DevOps pipeline and schedule it, which will run a few commands to query (Query Alert task seems to be agentless) the alerts and update the certificate.
  2. Trigger an Azure Function based on the alert and run PowerShell commands inside the Azure Function to update the certificate.
  3. Is there any better way to do this?

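PowerShell is definitely the easiest way to do this. To add an existing cert to KeyVault you can use this script and modify it to your needs.

```powershell
# Wrap the certificate file's password in a SecureString, as the cmdlet requires.
$securePassword = ConvertTo-SecureString -String $certPassword -Force -AsPlainText

# Import the certificate file into the vault under the existing certificate name.
$cert = Import-AzKeyVaultCertificate -VaultName $keyVaultName -Name $certName -FilePath $certFilePath -Password $securePassword
```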

This will create a new version of the cert with the same name in the key vault. As long as you don't reference the specific version when retrieving from KeyVault, it will return the latest.
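
An added example, not part of the original answer: after the import above, this reads the latest version back from Key Vault without naming a version and applies it to AKS as a TLS secret with kubectl. It assumes PowerShell 7.3 or later, an RSA key stored as PFX, an authenticated Az session and kubectl context; all names are placeholders and the 7-day threshold is an arbitrary choice.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Placeholders (assumptions, not values from the page).
$keyVaultName = '<key-vault-name>'
$certName     = '<certificate-name>'
$tlsSecret    = '<kubernetes-tls-secret>'
$namespace    = '<namespace>'

# No -Version argument, so Key Vault returns the latest certificate version.
$kvCert = Get-AzKeyVaultCertificate -VaultName $keyVaultName -Name $certName
if (-not $kvCert) { throw "Certificate '$certName' not found in '$keyVaultName'." }
# Refuse to roll out a certificate that is about to expire (7 days is an assumed threshold).
if ($kvCert.Expires -lt (Get-Date).ToUniversalTime().AddDays(7)) {
    throw "Latest version of '$certName' expires $($kvCert.Expires); import the renewed certificate first."
}

# Certificate plus private key are readable as the secret of the same name (base64 PFX, empty password).
$pfx  = [Convert]::FromBase64String((Get-AzKeyVaultSecret -VaultName $keyVaultName -Name $certName -AsPlainText))
$coll = [X509Certificate2Collection]::new()
$coll.Import($pfx, '', [X509KeyStorageFlags]::Exportable)
$leaf = $coll | Where-Object HasPrivateKey | Select-Object -First 1
# Guard against reading the secret and the certificate from different versions.
if ($leaf.Thumbprint -ne $kvCert.Thumbprint) { throw 'Secret and certificate versions do not match.' }

# Leaf first, then any other certificates contained in the PFX, as PEM.
$ordered = @($leaf) + @($coll | Where-Object { -not $_.HasPrivateKey })
$certPem = ($ordered | ForEach-Object { $_.ExportCertificatePem() }) -join "`n"

# Copy the key parameters into a fresh RSA object and export it as PKCS#8 PEM (in memory only).
$rsa = [RSA]::Create()
$rsa.ImportParameters([RSACertificateExtensions]::GetRSAPrivateKey($leaf).ExportParameters($true))
$keyPem = $rsa.ExportPkcs8PrivateKeyPem()
$rsa.Dispose()

# Build the TLS Secret manifest in memory and pipe it to kubectl, so the key is not written to disk.
$toB64 = { param($s) [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($s)) }
$manifest = @{
    apiVersion = 'v1'; kind = 'Secret'; type = 'kubernetes.io/tls'
    metadata   = @{ name = $tlsSecret; namespace = $namespace }
    data       = @{ 'tls.crt' = (& $toB64 $certPem); 'tls.key' = (& $toB64 $keyPem) }
} | ConvertTo-Json -Depth 4
$manifest | kubectl apply -f -
if ($LASTEXITCODE -ne 0) { throw "kubectl apply failed with exit code $LASTEXITCODE." }
```

The identity running this needs both certificate `get` and secret `get` permission on the vault, since the private key is only exposed through the secret.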
