I recently had to copy a few certificates between Azure key vaults. These certificates were issued in one key vault but given access restrictions, they were consumed from another key vault.
Note 1: copying certificates between key vaults is generally a bad idea as the copied certificate will not follow any automatic renewal setup for the original.
The PowerShell script below was adapted mostly from this StackOverflow answer. The primary change was to use the X509Certificate2 class constructor instead of the Import method, which is not recommended.
Note 2: you will need to log in to Azure using Connect-AzAccount before running the script.
If you peruse the script, you will notice that we are using Get-AzKeyVaultSecret to get the PFX cert encoded as a Base64 string, convert it to a byte array, and finally import the certificate using
You might be asking yourself what happened to Get-AzKeyVaultCertificate? While that command does exist, it returns a PSKeyVaultCertificate object, which is not compatible with the X509Certificate2Collection type required by the
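
The procedure described above (read the certificate's secret as a Base64 PFX, decode it to bytes, load it with the X509Certificate2 constructor, import it into the other vault), written out as an added example; it is not the post's original script. The function name Copy-KeyVaultCertificate and the vault and certificate names in the usage comment are assumptions, and the content-type, private-key and thumbprint checks go beyond what the post describes.

```powershell
# Added example, not the original post's script. Names are placeholders.
# Requires the Az.KeyVault module and a prior Connect-AzAccount.
function Copy-KeyVaultCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SourceVaultName,
        [Parameter(Mandatory)] [string] $DestinationVaultName,
        [Parameter(Mandatory)] [string] $CertificateName
    )

    # The secret behind a Key Vault certificate holds the PFX (with private key) as Base64.
    $secret = Get-AzKeyVaultSecret -VaultName $SourceVaultName -Name $CertificateName -ErrorAction Stop
    if ($secret.ContentType -ne 'application/x-pkcs12') {
        throw "Expected a PKCS#12 secret, got content type '$($secret.ContentType)'."
    }

    # Keep the key material in memory only; never write the PFX to disk.
    $base64   = [System.Net.NetworkCredential]::new('', $secret.SecretValue).Password
    $pfxBytes = [System.Convert]::FromBase64String($base64)

    # Constructor instead of the Import method. The Key Vault PFX has an empty password.
    # Exportable is needed so the private key can be serialized for the destination vault.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxBytes, '', $flags)
    try {
        # A certificate issued with a non-exportable key yields only the public part here.
        if (-not $cert.HasPrivateKey) {
            throw "Secret for '$CertificateName' carries no private key; nothing usable to copy."
        }
        $collection = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
        [void] $collection.Add($cert)

        $imported = Import-AzKeyVaultCertificate -VaultName $DestinationVaultName `
            -Name $CertificateName -CertificateCollection $collection -ErrorAction Stop

        # Confirm the destination vault now holds the same certificate.
        if ($imported.Thumbprint -ne $cert.Thumbprint) {
            throw "Thumbprint mismatch after import into '$DestinationVaultName'."
        }
        $imported
    }
    finally {
        $cert.Dispose()
        [Array]::Clear($pfxBytes, 0, $pfxBytes.Length)   # best-effort wipe of the decoded PFX
    }
}

# Copy-KeyVaultCertificate -SourceVaultName 'kv-source' -DestinationVaultName 'kv-dest' -CertificateName 'my-cert'
```

The identity running this needs permission to read secrets in the source vault and to import certificates in the destination vault.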