Calling Azure Keyvault Certificate ARM Template RRS feed

  • Question

  • Is there a way to call and install an Azure Keyvault pfx certificate from ARM Template parameter for an Application Gateway? 

    Right now I do have a specific way of doing it that involves below where the certdata is the PFX data converted using this and entering that into the data field. [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes("test.pfx")) > text.pfx

    What I currently use

     "certData": {
        "certPassword": {
          "reference": {
            "keyVault": {
              "id": "/subscriptions/blahblah/resourceGroups/blahvault/providers/Microsoft.KeyVault/vaults/keyvault"
            "secretName": "cert-password"

    In the ARM Template for creating the SSL Cert for frontend listener certificate

    "sslCertificates": [
                "name": "appGatewaySslCert",
                "properties": {
                  "data": "[parameters('certData')]",
                  "password": "[parameters('certPassword')]"

    Now is there a way to do this and call the certificate directly from the keyvault? I've yet to find a good example of someone doing it and can't get it to work myself. If anyone knows how to or knows if it can be done or not, that would be awesome and much appreciated. I would want to avoid placing the massive amount of cert data in the template if this can be done.


    Tuesday, April 9, 2019 9:07 PM

All replies