Azure Key Vault
Store in Azure Key Vault
| Plugin type | Store | |
|---|---|---|
| Download | Version v2.3.2. Look for older releases on GitHub for files named like plugin.store.keyvault.v2.x.x.zip | |
| Chocolatey | choco install simple-acme-store-keyvault(details) |
|
| Compatibility | All platforms |
Description
Store the certificate in Azure Key Vault.
The plugin need to be unpacked into the folder where you also unpacked
wacs.exe to able to use it. Depending on how you downloaded the file,
you may have to unblock all new .dll files before your computer will trust
them. You can do that from the Windows File Explorer by using the right mouse button
and then checking the `Unblock` box on the General tab.
If you are using simple-acme as a dotnet tool, the folder will be %userprofile%\.dotnet\tools\.store\simple-acme\2.3.2.1981\simple-acme\2.3.2.1981\tools\net9.0\any
To verify that the plugin is properly installed you can start the main executable
with ‑‑verbose and it will print information about found and loaded plugins at
start up. When the plugin is loaded, it manifests itself as extra menu choices and
command line parameters being made availalbe.
This plugin requires to you use the pluggable release of the main executable. It will not work on the smaller trimmed releases.
Command line
--store keyvault |
Activates the plugin | |
|---|---|---|
‑‑vaultname |
The name of the vault | |
‑‑certificatename |
The name of the certificate | |
‑‑azureenvironment |
This can be used to specify a specific Azure endpoint. Valid inputs are AzureCloud (default), AzureChinaCloud, AzureGermanCloud, AzureUSGovernment or a specific URI for an Azure Stack implementation. | |
‑‑azureusemsi |
Use Managed Service Identity for authentication. | |
‑‑azuretenantid |
Directory/tenant identifier. Found in Entra ID > Properties. | |
‑‑azureclientid |
Application/client identifier. Found/created in Entra ID > App registrations. | |
‑‑azuresecret |
Client secret. Found/created under Entra ID > App registrations.
You may pass the secret in plain text, but can also use a reference to the secret vault like |
Examples
| Service Principal | --store keyvault ‑‑azuretenantid 8a947dda-3ed2-40dc-8058-d7b212322ed2 ‑‑azureclientid e02a0517-412e-4e0a-996b-2693458a9232 ‑‑azuresecret ***** ‑‑vaultname MyVault ‑‑certificatename MyCertificate |
|
|---|---|---|
| Managaged Identity | --store keyvault ‑‑azureusemsi ‑‑vaultname MyVault ‑‑certificatename MyCertificate |
JSON
| ID | dbfa91e2-28c0-4b37-857c-df6575dbb388 |
|---|
Looking for win-acme?
simple-acme is a backwards compatible, drop-in replacement built by the same person. Project history.