How to store a keystore in Microsoft Azure Vault?

Question

I am trying to enable HTTPS traffic for my API service (using Dropwizard Java). However, I need to provide a keystore containing the SSL certificate for the Dropwizard configuration:

server:
  applicationConnectors:
    - type: https
      port: 8443
      keyStorePath: example.keystore
      keyStorePassword: example
      validateCerts: false

I have my .pfx certificate in a Key Vault in Azure, so I was wondering how I can also store a .jks keystore file in an Azure Key Vault?

I could alternatively just transfer the .jks keystore file directly to the virtual machine, but I am not sure if this would be very secure. How can I upload .jks files into Microsoft Azure Vault?

this might help: https://stackoverflow.com/questions/2846828/converting-jks-to-p12 — Hong Ooi, Apr 28 '20 at 18:32
@HongOoi the Key Vault provides me with a .prv and .crt, I am trying to get to JKS — Pablo, Apr 28 '20 at 19:23

score 3 · Accepted Answer · answered Apr 29 '20 at 21:06

You can store a .jks (or any file) as a keyvault Secret if you base64 encode it and the total size is less then 25kb.

For example from the cli:

OUTPUT="$(base64 -w0 < test.txt)" & az keyvault secret set --name mysecret --vault-name myvault --value $OUTPUT

When retrieving the secret you can decode it and write the output to file.

How to store a keystore in Microsoft Azure Vault?

1 Answers1

Linked