Christian Reddington

Ideas and Technology :: This blog represents my own views

Updating Azure App Service certificates from Key Vault

January 26, 2017 in #KeyVault #Azure #App Service

You may have seen that I recently wrote a blog post on the Microsoft Premier Developer blog about automatically rotating certificates in Azure Key Vault from certain certificate authorities. This is a great feature, which will save some headaches, I am sure!

However, I noticed that the certificate on my blog had expired late in December, and have been a bit lazy/relaxed in getting that resolved. Today was finally the day to fix it!

This was much easier than I thought. There is in fact a quickstart template to achieve just that task. If you wander over to the Web App integration with Key Vault quick start page, you can select the button "Deploy to Azure".

From there, you will be prompted with a page of options to complete relating to your existing App Service Plan (Web Farm), App, Key Vault and the secret that you want to bring across. You may need to input the relevant resource IDs for some of those fields (yes, the whole string, for example /subscriptions/guid/resourceGroups/resourceName/providers/Microsoft.KeyVault/vaults/yourKeyVault).

Once all details have been entered, simply click deploy. It's worth taking a look at the related GitHub page, as it mentions there may be some issues deploying into the web app unless you set access to a particular Service Principal. Additionally, I have allowed Azure Key Vault to deploy from Azure Resource Manager in the advanced section of the Key Vault GUI.
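A pre-flight check for the resource ID fields mentioned above, as an added example that is not part of the original post or the quickstart template: it parses the full resource ID string and confirms each value names the expected resource type, which catches a pasted vault URL or bare name before deployment. The field labels and sample IDs are constructed, and Microsoft.Web/serverfarms as the App Service Plan type is an assumption not stated in the post.

```python
import re

# Full ARM resource ID: /subscriptions/<guid>/resourceGroups/<rg>/providers/<ns>/<type>/<name>
_RESOURCE_ID = re.compile(
    r"^/subscriptions/(?P<subscription>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})"
    r"/resourceGroups/(?P<resource_group>[^/]+)"
    r"/providers/(?P<namespace>[^/]+)/(?P<type>[^/]+)/(?P<name>[^/]+)$",
    re.IGNORECASE,  # ARM treats resource IDs case-insensitively
)

# Constructed sample values (placeholder subscription, made-up names).
SUB = "00000000-0000-0000-0000-000000000000"
KEY_VAULT_ID = f"/subscriptions/{SUB}/resourceGroups/example-rg/providers/Microsoft.KeyVault/vaults/example-vault"
PLAN_ID = f"/subscriptions/{SUB}/resourceGroups/example-rg/providers/Microsoft.Web/serverfarms/example-plan"


def parse_resource_id(value):
    """Split a full ARM resource ID into its parts; raise ValueError if it is not one."""
    match = _RESOURCE_ID.match(value.strip())
    if match is None:
        raise ValueError(f"not a full resource ID: {value!r}")
    return match.groupdict()


def check_field(value, expected_type):
    """Return None when value is a resource ID of expected_type, else an error string."""
    try:
        parts = parse_resource_id(value)
    except ValueError as exc:
        return str(exc)
    actual = f"{parts['namespace']}/{parts['type']}"
    if actual.lower() != expected_type.lower():
        return f"expected {expected_type}, got {actual}"
    return None


def preflight(fields):
    """fields maps a label to (value, expected_type); returns {label: error} for failures."""
    results = {label: check_field(value, expected) for label, (value, expected) in fields.items()}
    return {label: error for label, error in results.items() if error}


if __name__ == "__main__":
    form = {  # hypothetical field labels; the first value is a vault URL, not a resource ID
        "key vault": ("https://example-vault.vault.azure.net", "Microsoft.KeyVault/vaults"),
        "app service plan": (PLAN_ID, "Microsoft.Web/serverfarms"),
    }
    for label, error in preflight(form).items():
        print(f"{label}: {error}")
```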

If it is useful, I can double back on this post and provide a more "step-by-step" view of the process. Just let me know on Twitter, @reddobowen.
