ansible-collections / azure

Development area for Azure Collections
https://galaxy.ansible.com/azure/azcollection
GNU General Public License v3.0

Azure Key Vault - Get Certificate Thumbprint as part of secret. #1256

Open mheidmiller opened 11 months ago

mheidmiller commented 11 months ago
SUMMARY

Azure Key Vault - Gather Certificate Thumbprint - Currently when using Ansible Azure.Azcollection.azure_rm_keyvaultsecret_info I can successfully connect to my azure keyvault where I am storing my certificate and I can gather the certificate information but it does not contain the certificate thumbprint. This would be useful further into my Ansible Script to use.

Below is the information that is returned:

```json
{
  "changed": false,
  "secrets": [
    {
      "tags": null,
      "attributes": {
        "enabled": true,
        "not_before": "2023-05-12T00:00:00+00:00",
        "expires": "2024-06-11T23:59:59+00:00",
        "created": "2023-05-15T19:58:33+00:00",
        "updated": "2023-05-15T19:58:33+00:00",
        "recovery_level": "Recoverable"
      },
      "sid": "KEYVAULTSECRET",
      "version": "CERTVERSION",
      "content_type": "application/x-pkcs12",
      "secret": "CERT"
    }
  ],
  "invocation": {
    "module_args": {
      "vault_uri": "KEYVAULTURL",
      "name": "certificatename",
      "client_id": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
      "secret": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
      "tenant": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
      "subscription_id": "AzureSubscription",
      "auth_source": "auto",
      "cloud_environment": "AzureCloud",
      "api_profile": "latest",
      "version": "current",
      "show_deleted_secret": false,
      "profile": null,
      "ad_user": null,
      "password": null,
      "cert_validation_mode": null,
      "adfs_authority_url": null,
      "log_mode": null,
      "log_path": null,
      "x509_certificate_path": null,
      "thumbprint": null,
      "tags": null
    }
  },
```

Through the Azure GUI I can see the current Thumbprint + Thumbprints of old versions of the code, so the information is there.

ISSUE TYPE
COMPONENT NAME

azure_rm_keyvaultsecret_info module

ADDITIONAL INFORMATION

With the Thumbprint I can use it further in my script to accomplish tasks.

Fred-sun commented 8 months ago

@mheidmiller Thanks for your question! I don't think you need to use the keyvaultsecret module to obtain the fingerprint of a certificate. It should be a module that manages certificates, and you can obtain the certificate-related information through this module, such as the certificate time, fingerprint, expiration time, etc., right?

Fred-sun commented 3 months ago

@mheidmiller Could you tell me more about your requirements? Do you want to get a fingerprint for your secret?
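Added example, not part of the thread and not the collection's code: the thumbprint shown in the portal is the SHA-1 digest of the DER-encoded certificate, so it can be derived from the `secret` value the module already returns when `content_type` is `application/x-pkcs12`. It assumes the value is a base64-encoded PFX without a password and that the `cryptography` package is installed; the function names and the sample certificate are constructed for illustration.

```python
import base64
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def thumbprint_from_secret(secret_b64, content_type):
    """Return the uppercase hex SHA-1 thumbprint of the leaf certificate."""
    if content_type != "application/x-pkcs12":
        raise ValueError("unsupported content_type: %s" % content_type)
    pfx = base64.b64decode(secret_b64)
    # Assumption: the PFX carries no password, so None is passed here.
    _key, cert, _chain = pkcs12.load_key_and_certificates(pfx, None)
    if cert is None:
        raise ValueError("PKCS#12 bundle holds no leaf certificate")
    return cert.fingerprint(hashes.SHA1()).hex().upper()


def make_sample_secret():
    """Constructed test data: a throwaway self-signed cert as a base64 PFX."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.invalid")])
    start = datetime.datetime(2023, 5, 12)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=396))
        .sign(key, hashes.SHA256())
    )
    pfx = pkcs12.serialize_key_and_certificates(
        b"certificatename", key, cert, None, serialization.NoEncryption())
    return base64.b64encode(pfx).decode("ascii"), cert


if __name__ == "__main__":
    sample_secret, _cert = make_sample_secret()
    print(thumbprint_from_secret(sample_secret, "application/x-pkcs12"))
```

The `secret` value of a PKCS#12 entry also contains the private key, so any task that registers or passes it on should set `no_log: true`.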