We wanted to store a private key file in Azure Key Vault so that we could use it to connect to an SFTP server.
We had the key in a `ppk` file, not in one of the formats accepted by Azure (`pem`, `pfx` or `byok`). The Azure restrictions apply when you upload the file manually to Key Vault. You can choose to do it via the Azure CLI like this:
```sh
az keyvault secret set --vault-name $(keyVaultName) --name $(secretKeyName) --file '$(file)'
```
but this will not do the trick for you. It will upload the file but you will not be able to use it in ADF.
This is a three-step process:
- Convert the ppk to pem format
- Encode the pem file as base64
- Upload the file with azure cli in 2 steps
Convert the ppk to pem format
If you are a Windows user, get the puttygen tool and load your ppk key file with it. In the menu, click Conversions and convert it to an OpenSSH (private key) format. Be sure to add the `.pem` extension. If you are a Linux user, use the puttygen tool as well (after installing putty-tools), but in the console like this:
```sh
puttygen privatekey.ppk -O private-openssh -o pemkey.pem
```
Encode the pem file as base64
The resulting pem file needs to be encoded as base64 in order to be used from ADF. This is a pretty standard encoding algorithm and you can find many tools for Windows or Linux to do it. For Windows there is the base64 encoder from Microsoft, and for Linux the `base64` binary is part of the built-in toolbox.
Upload the file with azure cli in 2 steps
Now you have the base64-encoded file and you need to add it to the Key Vault. Use the Azure CLI like this:
```sh
az keyvault secret set --vault-name $(keyVaultName) --name $(secretKeyName) --file '$(file)'
```
Some private keys are encrypted with a passphrase. You can either upload the passphrase yourself as an additional key (which we did in our case), or you can use the pem upload command from Azure Key Vault like this:
```sh
# $(passPhrase) is the passphrase that protects the pem file
az keyvault key import --pem-file $(pemFile) --vault-name $(keyVaultName) --name $(secretKeyName) --pem-password $(passPhrase)
```
Now you can use it in ADF.
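
The base64 step and the passphrase check described above can be scripted before the upload. This is an added example, not part of the original post: the function names are hypothetical, the sample key is constructed, and stripping line breaks from the base64 output is a choice made here so the secret value is a single line.

```sh
#!/bin/sh
# Added example; the function names below are hypothetical helpers.

# Constructed sample input: PEM-shaped text with a dummy body, not a real key.
write_sample_pem() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' \
        'Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLUtFWQ==' \
        '-----END RSA PRIVATE KEY-----' > "$1"
}

# Print encrypted, plain or unknown for a PEM private key file.
# Returns 1 (printing not-a-private-key) for anything else, e.g. a raw ppk.
pem_encryption_state() {
    pem="$1"
    # Strip CR so files written on Windows are recognised too.
    first_line=$(head -n 1 "$pem" | tr -d '\r')
    case "$first_line" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted; return 0 ;;
        # The OpenSSH format records its cipher inside the base64 body.
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo unknown; return 0 ;;
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo not-a-private-key; return 1 ;;
    esac
    # Traditional PEM announces passphrase protection in a header line.
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$pem"; then
        echo encrypted
    else
        echo plain
    fi
}

# Encode PEM file $1 as single-line base64 into $2 (owner-only permissions),
# then decode the result and compare it byte for byte with the original.
encode_pem_for_keyvault() {
    pem="$1"; out="$2"
    pem_encryption_state "$pem" >/dev/null || return 1
    rm -f "$out"
    ( umask 077; base64 < "$pem" | tr -d '\n' > "$out" ) || return 1
    base64 -d < "$out" | cmp -s - "$pem"
}
```

Pass the file written by `encode_pem_for_keyvault` to `az keyvault secret set --file`; an `encrypted` result means the passphrase has to be stored as well.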
