[QUERY] How to import certificate from KeyVault when creating/updating an AppService (CreateOrUpdateWebSiteResource)?

[trygvelo]

Library name and version

Azure.ResourceManager 1.12.0

Query/Question

I cannot find a working way to import a certificate from KeyVault when creating/updating an AppService (WebSite).

I'm am NOT using the certificate for TLS/SSL host binding. The certificate is used by the application code to authenticate with a database service.

I have tried this:

// First set up WebSiteData (a function app in my case)
var webSiteData = new WebsiteData(...);

new CertificateClient(new Uri(_keyVaultUrl), new DefaultAzureCredential());
KeyVaultCertificateWithPolicy vaultCertificate = await certificateClient.GetCertificateAsync("cert-name");

webSiteData.HostNameSslStates.Add(new HostNameSslState
{
    Name = vaultCertificate.Name,
    ThumbprintString = vaultCertificate.Properties.X509ThumbprintString,
    SslState = HostNameBindingSslState.SniEnabled
});

var webSite = (await resourceGroup.GetWebSites().CreateOrUpdateAsync(
    WaitUntil.Completed,
    "site-name",
    webSiteData
)).Value;

But it doesn't show up in the app service certificates when browsing the portal under "Bring your own certificates (.pfx)".

I haven't found any example code except similar to the webSiteData.HostNameSslStates.Add. If I add the certificate through the portal it works perfect, I just need to be able to do the same using Azure.ResourceManager

Environment

No response

[github-actions]

Thank you for your feedback. Tagging and routing to the team member best able to assist.

[trygvelo]

What I'm trying to do is the same as the Azure CLI command:

az webapp config ssl import --resource-group MyResourceGroup --name MyWebapp --key-vault MyKeyVault --key-vault-certificate-name MyCertificateName

This works fine. But how to perform the same using Azure.ResourceManager in .net code?