Connect-PnPOnline in Azure Runbook using an SSL certificate from Azure Key Vault

When working with multiple Automation Accounts (AAs) and Runbooks in Azure, you typically need to upload an SSL certificate to each individual Automation Account. This can quickly become inefficient and difficult to maintain.

A better solution is to use Azure Key Vault — a secure centralized service for managing cryptographic keys and certificates. By storing your SSL certificate in Azure Key Vault, you can easily access and use it across all your Runbooks without the need to upload it repeatedly to each Automation Account.

Steps to Implement:

  1. Import Required Modules
    • Import the Az.Accounts, Az.KeyVault and PnP.PowerShell modules into the Automation Account (these are the modules the script below uses).
  2. Upload SSL Certificate
    • Upload a valid SSL certificate to Azure Key Vault.
  3. Register Azure App
    • Upload the certificate to the app.
  4. Access Certificate in Runbook

```powershell
# Disable update check for the current PowerShell session
$env:POWERSHELL_UPDATECHECK = "Off"

### Parameters ###
$tenantID       = "<tenant id>"
$clientID       = "<azure app client id>"
$KeyVaultName   = "<keyvault name>"
$CertName       = "<certificate name uploaded to key vault>"
$subscriptionId = "<your subscription ID>"
$Url            = "<spo site url>"
### END Parameters ###

# Authenticate to Azure using the managed identity of the Automation Account
Connect-AzAccount -Identity
Set-AzContext -Subscription $subscriptionId

# Retrieve the certificate. Key Vault exposes a certificate's private key as a secret
# holding the base64-encoded PFX, which is why Get-AzKeyVaultSecret is used here.
# The managed identity needs permission to read secrets from the vault
# (for example the Key Vault Secrets User role).
$secretSecureString = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $CertName

# ConvertFrom-SecureString -AsPlainText requires PowerShell 7 or later
$secretPlainText = ConvertFrom-SecureString -AsPlainText -SecureString $secretSecureString.SecretValue

# Sanity check that a value came back, without writing any part of the secret to the job output
if ([string]::IsNullOrEmpty($secretPlainText)) {
    throw "Certificate '$CertName' was not found in vault '$KeyVaultName'."
}

# Connect using the base64-encoded certificate retrieved from Key Vault
Connect-PnPOnline -Url $Url -ClientId $clientID -CertificateBase64Encoded $secretPlainText -Tenant $tenantID
```
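As an added example (not code from the original post), the hypothetical helper Get-KeyVaultPfxForPnP below retrieves the certificate the same way, but parses the PFX in memory to confirm it is well-formed, carries a private key and is within its validity period before it is handed to Connect-PnPOnline, and logs only the thumbprint and subject rather than the secret. It assumes the same $KeyVaultName, $CertName, $Url, $clientID and $tenantID variables as the script above and an already established Az session.

```powershell
# Hypothetical helper, not part of the original post. Assumes an active Az session
# (Connect-AzAccount -Identity) and the parameter variables defined in the script above.
function Get-KeyVaultPfxForPnP {
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $CertName
    )
    # Key Vault exposes a certificate's private key as a secret holding the base64-encoded PFX
    $secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $CertName
    if (-not $secret) { throw "Secret '$CertName' not found in vault '$VaultName'." }
    if ($secret.ContentType -and $secret.ContentType -ne 'application/x-pkcs12') {
        throw "Secret '$CertName' has content type '$($secret.ContentType)', expected a PKCS#12 (PFX) certificate."
    }
    $base64 = ConvertFrom-SecureString -AsPlainText -SecureString $secret.SecretValue

    # Parse the PFX in memory to confirm it is usable. Key Vault exports the PFX without a
    # password, so none is supplied here.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([Convert]::FromBase64String($base64))
    try {
        if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key." }
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            throw "Certificate $($cert.Thumbprint) is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
        }
        # Return the secret alongside non-secret metadata so the caller can log only the latter
        [pscustomobject]@{
            Base64     = $base64
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
        }
    } finally {
        $cert.Dispose()
    }
}

$pfx = Get-KeyVaultPfxForPnP -VaultName $KeyVaultName -CertName $CertName
# Log identifying metadata only; the base64 PFX itself never reaches the job output
Write-Output "Connecting with certificate $($pfx.Subject) (thumbprint $($pfx.Thumbprint), valid until $($pfx.NotAfter))"
Connect-PnPOnline -Url $Url -ClientId $clientID -CertificateBase64Encoded $pfx.Base64 -Tenant $tenantID
```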
