
Updating Azure App Service certificates from Key Vault

You may have seen that I recently wrote a blog post on the Microsoft Premier Developer blog about automatically rotating certificates in Azure Key Vault from certain certificate authorities. This is a great feature, which will save some headaches, I am sure!

However, I noticed that the certificate on my blog had expired late in December, and have been a bit lazy/relaxed in getting that resolved. Today was finally the day to fix it!

This was much easier than I thought. There is in fact a quickstart template to achieve just that task. If you wander over to the Web App integration with Key Vault quick start page, you can select the button "Deploy to Azure".

From there, you will be prompted with a page of options to complete, relating to your existing App Service Plan (Web Farm), App, Key Vault and the secret that you want to bring across. You may need to input the relevant resource IDs for some of those fields (yes, the whole string, for example /subscriptions/guid/resourceGroups/resourceName/providers/Microsoft.KeyVault/vaults/yourKeyVault).

Once all details have been entered, simply click deploy. It's worth taking a look at the related GitHub page, as it mentions there may be some issues deploying into the web app unless you set access to a particular Service Principal. Additionally, I have allowed Azure Key Vault to deploy from Azure Resource Manager in the advanced section of the Key Vault GUI.
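The resource-ID fields are the easiest part of that form to get wrong (a vault name or vault URL pasted where the whole string is expected), so here is a small pre-deployment check. It is an added example, not part of the original post or the quickstart template; the field labels, the all-zero subscription GUID and the sample names are constructed assumptions.

```python
import re
import uuid

# Resource type expected in each resource-ID field.
# The field labels are hypothetical, not the template's parameter names.
EXPECTED_TYPES = {
    "key_vault_id": "Microsoft.KeyVault/vaults",
    "app_service_plan_id": "Microsoft.Web/serverfarms",
}

# A top-level ARM resource ID: subscription, resource group, provider/type, name.
_ID_RE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/(?P<type>[^/]+/[^/]+)/(?P<name>[^/]+)$",
    re.IGNORECASE,  # ARM resource IDs are case-insensitive
)

def parse_resource_id(value):
    """Split a full resource ID into its parts, or raise ValueError."""
    match = _ID_RE.match(value.strip())
    if not match:
        raise ValueError("not a full resource ID: %r" % value)
    parts = match.groupdict()
    try:
        uuid.UUID(parts["sub"])
    except ValueError:
        raise ValueError("subscription segment is not a GUID: %r" % parts["sub"])
    return parts

def check_inputs(inputs):
    """Return a list of problems in the resource-ID fields; empty means OK."""
    problems = []
    for field, expected in EXPECTED_TYPES.items():
        try:
            parts = parse_resource_id(inputs.get(field, ""))
        except ValueError as exc:
            problems.append("%s: %s" % (field, exc))
            continue
        if parts["type"].lower() != expected.lower():
            problems.append("%s: expected %s, got %s" % (field, expected, parts["type"]))
    return problems

# Constructed sample values (placeholder subscription and resource names).
_BASE = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/blog-rg/providers/"
GOOD = {"key_vault_id": _BASE + "Microsoft.KeyVault/vaults/yourKeyVault",
        "app_service_plan_id": _BASE + "Microsoft.Web/serverfarms/blog-plan"}
BAD = {"key_vault_id": "https://yourKeyVault.vault.azure.net/",  # vault URL, not the ID
       "app_service_plan_id": _BASE + "Microsoft.Web/sites/blog-app"}  # the app, not its plan

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, check_inputs(sample) or "OK")
```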

If it is useful, I can double back on this post and provide a more "step-by-step" view of the process. Just let me know on Twitter, @reddobowen.

Christian Reddington

Christian is enthusiastic about using technology to empower people and organisations. His current areas of interest include the Internet of Things, Data Science and DevOps.
