Azure Key Vault

Store in Azure Key Vault

Plugin type Store
Download Version v2.3.3. Look for older releases on GitHub for files named like plugin.store.keyvault.v2.x.x.zip
Chocolatey
choco install simple-acme-store-keyvault 
(details)
Compatibility All platforms

Description

Store the certificate in Azure Key Vault.

Plugins needs to be unpacked into a folder called %programdata%\simple-acme\plugins. Depending on how you downloaded the file, you may have to unblock the .dll files before your computer will trust them. You can do that from the File Explorer by using the right mouse button and then checking the `Unblock` box on the General tab.

To verify that the plugin is properly installed you can start the main executable with ‑‑verbose and it will print information about found and loaded plugins at start up. When the plugin is loaded, it manifests itself as extra menu choices and command line parameters being made availalbe.

All releases published to third party package managers like Chocolatey and NuGet support plugins, but if you download simple-acme manually, you must choose a pluggable version instead of the trimmed one to use it.

Command line

--store keyvault Activates the plugin
‑‑vaultname The name of the vault
‑‑certificatename The name of the certificate
‑‑azureenvironment This can be used to specify a specific Azure endpoint. Valid inputs are AzureCloud (default), AzureChinaCloud, AzureGermanCloud, AzureUSGovernment or a specific URI for an Azure Stack implementation.
‑‑azureusemsi Use Managed Service Identity for authentication.
‑‑azuretenantid Directory/tenant identifier. Found in Entra ID > Properties.
‑‑azureclientid Application/client identifier. Found/created in Entra ID > App registrations.
‑‑azuresecret Client secret. Found/created under Entra ID > App registrations.

You may pass the secret in plain text, but can also use a reference to the secret vault like "vault://json/mysecret".

Examples

Service Principal --store keyvault ‑‑azuretenantid 8a947dda-3ed2-40dc-8058-d7b212322ed2 ‑‑azureclientid e02a0517-412e-4e0a-996b-2693458a9232 ‑‑azuresecret ***** ‑‑vaultname MyVault ‑‑certificatename MyCertificate
Managaged Identity --store keyvault ‑‑azureusemsi ‑‑vaultname MyVault ‑‑certificatename MyCertificate

JSON

ID dbfa91e2-28c0-4b37-857c-df6575dbb388

Looking for win-acme?

simple-acme is a backwards compatible, drop-in replacement built by the same person. Project history.