Azure Key Vault
Store in Azure Key Vault
| Plugin type | Store | |
|---|---|---|
| Download | Version v2.3.3. Look for older releases on GitHub for files named like plugin.store.keyvault.v2.x.x.zip | |
| Chocolatey | choco install simple-acme-store-keyvault(details) |
|
| Compatibility | All platforms |
Description
Store the certificate in Azure Key Vault.
Plugins needs to be unpacked into a folder called %programdata%\simple-acme\plugins. Depending on how you downloaded the file, you may have to unblock the .dll files before your computer will trust them. You can do that from the File Explorer by using the right mouse button and then checking the `Unblock` box on the General tab.
To verify that the plugin is properly installed you can start the main executable
with ‑‑verbose and it will print information about found and loaded plugins at
start up. When the plugin is loaded, it manifests itself as extra menu choices and
command line parameters being made availalbe.
All releases published to third party package managers like Chocolatey and NuGet support plugins, but if you download simple-acme manually, you must choose a pluggable version instead of the trimmed one to use it.
Command line
--store keyvault |
Activates the plugin | |
|---|---|---|
‑‑vaultname |
The name of the vault | |
‑‑certificatename |
The name of the certificate | |
‑‑azureenvironment |
This can be used to specify a specific Azure endpoint. Valid inputs are AzureCloud (default), AzureChinaCloud, AzureGermanCloud, AzureUSGovernment or a specific URI for an Azure Stack implementation. | |
‑‑azureusemsi |
Use Managed Service Identity for authentication. | |
‑‑azuretenantid |
Directory/tenant identifier. Found in Entra ID > Properties. | |
‑‑azureclientid |
Application/client identifier. Found/created in Entra ID > App registrations. | |
‑‑azuresecret |
Client secret. Found/created under Entra ID > App registrations.
You may pass the secret in plain text, but can also use a reference to the secret vault like |
Examples
| Service Principal | --store keyvault ‑‑azuretenantid 8a947dda-3ed2-40dc-8058-d7b212322ed2 ‑‑azureclientid e02a0517-412e-4e0a-996b-2693458a9232 ‑‑azuresecret ***** ‑‑vaultname MyVault ‑‑certificatename MyCertificate |
|
|---|---|---|
| Managaged Identity | --store keyvault ‑‑azureusemsi ‑‑vaultname MyVault ‑‑certificatename MyCertificate |
JSON
| ID | dbfa91e2-28c0-4b37-857c-df6575dbb388 |
|---|
Looking for win-acme?
simple-acme is a backwards compatible, drop-in replacement built by the same person. Project history.