Download the public key in .PEM format from Azure Key Vault-CodePudding

Is there a python sdk call to download the publickey in .pem format from the azure keyvault.

Yes, we can download the publickey using the Az CLI "az keyvault key download " and directly using the azure portal, but we are looking for the python sdk call

Below code only gives the key name or version of key but not the actual public key get_key retrieves a key previously stored in the Vault.

 from azure.identity import DefaultAzureCredential
 from azure.keyvault.keys import KeyClient
    
 credential = DefaultAzureCredential()
    
 key_client = KeyClient(vault_url="https://my-key-vault.vault.azure.net/", credential=credential)
 key = key_client.get_key("key-name")
 print(key.name)

key = key_client.get_key("key-name") >> gives the key name stored in the keyvault not the actual public key

we are looking for

Please anyone who is aware of this issue, can bring some light into it.

CodePudding user response：

You only get the public key when you download the get_key from Azure Key Vault, to get the private key, you need to download it as a secret instead.

Yes, it is strange....

CodePudding user response：

The only way to get public key of the certificate (assumption based on PEM format) in that format is to download secret portion which will include both public and private in that format.

In the code above you print key name of the key, so it shows just name: print(key.name)

Try print(key.n), for more information about available properties of return JSONWEBKey see: https://learn.microsoft.com/en-us/python/api/azure-keyvault-keys/azure.keyvault.keys.jsonwebkey?view=azure-python