Open VladimirKhvostov opened 2 weeks ago
Thank you for opening this issue, we will look into it.
Unfortunatelly, the following example is not very useful: https://learn.microsoft.com/en-us/cli/azure/azure-cli-sp-tutorial-3#convert-an-existing-pkcs12-file
Could you explain why this example is not helpful?
Supporting PFX in az login
is tracked by https://github.com/Azure/azure-cli/issues/20465.
Unfortunatelly, the following example is not very useful: https://learn.microsoft.com/en-us/cli/azure/azure-cli-sp-tutorial-3#convert-an-existing-pkcs12-file
Could you explain why this example is not helpful?
Supporting PFX certificate in az login
is tracked by https://github.com/Azure/azure-cli/issues/20465.
@jiasli, It is great that we have #20465 to track the issue. Supporting PFX cert would be helpful for Windows users, but ideally az cli should support certificate thumbprint. Certificates in the Windows certificate store can non-exportable, which would block creating pfx.
https://learn.microsoft.com/en-us/cli/azure/azure-cli-sp-tutorial-3#convert-an-existing-pkcs12-file is not helpful for Windows users.
Consider the following scenario: A customer needs to use a certificate from the Windows certificate store in the az login
command.
Thanks, --Vladimir
Supporting reading certificate from Windows certificate store depends on MSAL's implementation: https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/685.
However, this would require calling Win32 API. For Python, this may not be as easy as reading from a PEM/PFX file. Azure PowerShell cmdlet Connect-AzAccount
is based on .NET, so it has a better integration with Windows than Python.
Hello, I wanted to switch from the Azure PowerShell to Az cli, because packer supports use_azure_cli_auth. Tested locally - things look great. I started to updated a release pipeline and ran into an issue:
az login --service-principal requires a pem file on Windows. My expectation was that I will be able able to pass certificate thumbprint on Windows, similar to https://learn.microsoft.com/en-us/powershell/module/az.accounts/connect-azaccount?view=azps-12.0.0#example-7-connect-using-certificates
Unfortunatelly, the following example is not very useful: https://learn.microsoft.com/en-us/cli/azure/azure-cli-sp-tutorial-3#convert-an-existing-pkcs12-file
Are there plans to support specifying a cert thumbprint on Windows? Thanks, --Vladimir