Is there a Python SDK call to download the public key in .pem format from Azure Key Vault?
Yes, we can download the public key using the Az CLI "az keyvault key download" and directly using the Azure portal, but we are looking for the Python SDK call.
The code below only gives the key name or version of the key, but not the actual public key. get_key retrieves a key previously stored in the Vault.
from azure.identity import DefaultAzureCredential
from azure.keyvault.keys import KeyClient
credential = DefaultAzureCredential()
key_client = KeyClient(vault_url="https://my-key-vault.vault.azure.net/", credential=credential)
key = key_client.get_key("key-name")
print(key.name)
key = key_client.get_key("key-name") >> gives the key name stored in the keyvault not the actual public key
We are looking for:
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkA yiEvKHY5SbCcwwY376BZHowPTeDpLzKuAAd5N0QMjCu8GS8OVDnkhu1NxZl30OqvTTVTdd756TOAtALy3/dVVJbe/rB7K0ry/ mkZoWz922KgqXb BeF TMficf zOgkd1PIkzuiiI4OMbIDnLqEd5Hka1RQFwKCzrHHA V29LJWH0geHe1Q/REaAI/eq5yiIIXcudwpN3ngAKvgDYnX J0R7fwie1DzzZfdC4sBZfeOthI4aFIfSCAKejnDeLAS3PcQUfh61b6xj 5rZts0zISx7Dz3RQFQIDAQAB -----END PUBLIC KEY-----
Could anyone who is aware of this issue please shed some light on it?
CodePudding user response:
You only get the public key when you download the get_key from Azure Key Vault; to get the private key, you need to download it as a secret instead.
Yes, it is strange....
CodePudding user response:
The only way to get the public key of the certificate (assumption based on PEM format) in that format is to download the secret portion, which will include both public and private in that format.
In the code above you print the key name of the key, so it shows just the name: print(key.name)
Try print(key.n). For more information about the available properties of the returned JsonWebKey, see: https://learn.microsoft.com/en-us/python/api/azure-keyvault-keys/azure.keyvault.keys.jsonwebkey?view=azure-python
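An added example, not part of the question or the answers above: building the "-----BEGIN PUBLIC KEY-----" PEM (SubjectPublicKeyInfo) from the modulus n and exponent e that a JsonWebKey exposes as big-endian bytes, using only the standard library. It assumes an RSA key; the names rsa_public_pem, SAMPLE_N and SAMPLE_E are hypothetical, and the sample modulus is constructed bytes rather than a real key.

```python
import base64

def _der_len(length: int) -> bytes:
    # DER definite length: short form below 128, long form otherwise
    if length < 0x80:
        return bytes([length])
    raw = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(content)) + content

def _der_uint(raw: bytes) -> bytes:
    # Unsigned big-endian bytes -> DER INTEGER; a leading 0x00 is required
    # when the top bit is set, otherwise the value would read as negative
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _tlv(0x02, raw)

# AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) + NULL
_RSA_ALG = _tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))

def rsa_public_pem(n: bytes, e: bytes) -> str:
    """Encode RSA public numbers (big-endian bytes) as an SPKI PEM."""
    rsa_key = _tlv(0x30, _der_uint(n) + _der_uint(e))       # RSAPublicKey
    spki = _tlv(0x30, _RSA_ALG + _tlv(0x03, b"\x00" + rsa_key))
    b64 = base64.b64encode(spki).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

# Constructed sample: 256 bytes standing in for a 2048-bit modulus
# (not a usable RSA key), with the common exponent 65537.
SAMPLE_N = bytes([0xCE]) + bytes(range(255))
SAMPLE_E = b"\x01\x00\x01"

if __name__ == "__main__":
    # With the question's client, the inputs would come from the JsonWebKey
    # held in the returned key's .key attribute:
    #   jwk = key_client.get_key("key-name").key
    #   print(rsa_public_pem(jwk.n, jwk.e))
    print(rsa_public_pem(SAMPLE_N, SAMPLE_E))
```

Only public values are read here, so no secret or private key material has to leave the vault to produce the PEM.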