Add SSL cert to an existing Linux VM from Azure

Published 2019-03-05 04:49

Question:

How do you add an SSL cert to an existing Azure Linux VM from Azure Key Vault? For Windows we use the following commands:

$vaultId=(Get-AzureRmKeyVault -ResourceGroupName $resourceGroup -VaultName $keyVaultName).ResourceId
$vm = Add-AzureRmVMSecret -VM $vm -SourceVaultId $vaultId -CertificateStore "My" -CertificateUrl $certURL

Is there a similar one for Linux VMs? Is there a link similar to this one for Linux: Secure IIS web server with SSL certificates on a Windows virtual machine in Azure

Answer 1:

You could use Azure CLI to do this, using the following commands.

secret=$(az keyvault secret list-versions \
          --vault-name $keyvault_name \
          --name mycert \
          --query "[?attributes.enabled].id" --output tsv)
vm_secret=$(az vm format-secret --secret "$secret")

az vm update -n shui -g shuikeyvault --set osProfile.secrets="$vm_secret"

Then the certificate is stored under /var/lib/waagent; you could use the Azure Custom Script extension to use it.

Note: you should use "$vm_secret" (with quotes). I tested in my lab, and $vm_secret alone does not work for me.
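As an added example (not code from either answer), here is the kind of custom script you could run on the VM after the `az vm update` step: it locates the certificate pair the Linux agent dropped in /var/lib/waagent, checks that the private key matches the certificate and that the certificate has not expired, and installs the pair with root-only permissions on the key. The `<THUMBPRINT>.crt` / `<THUMBPRINT>.prv` file naming follows the Azure Linux agent convention; the destination directory and the `server.crt` / `server.key` names are assumptions.

```shell
#!/usr/bin/env bash
# Constructed example: pick up a Key Vault certificate that waagent wrote to the VM
# (assumed layout: /var/lib/waagent/<UPPERCASE-SHA1-THUMBPRINT>.crt and .prv) and
# install it for a web server. Requires openssl. Run as root, e.g. from Custom Script.
set -euo pipefail

WAAGENT_DIR="${WAAGENT_DIR:-/var/lib/waagent}"

# Print the thumbprints (file stems) in $1 for which both a .crt and a .prv exist.
find_cert_pairs() {
  local dir="$1" crt stem
  for crt in "$dir"/*.crt; do
    [ -e "$crt" ] || continue
    stem="${crt##*/}"; stem="${stem%.crt}"
    # waagent names the files by SHA-1 thumbprint: exactly 40 uppercase hex chars
    case "$stem" in *[!0-9A-F]*) continue;; esac
    [ "${#stem}" -eq 40 ] || continue
    [ -f "$dir/$stem.prv" ] && echo "$stem"
  done
}

# Succeed only if the public half of private key $2 equals the public key in cert $1.
key_matches_cert() {
  local crt_pub key_pub
  crt_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout)
  [ "$crt_pub" = "$key_pub" ]
}

# Install pair $2 from directory $1 into $3: cert world-readable, key root-only (0600).
install_cert_pair() {
  local dir="$1" stem="$2" dest="$3"
  key_matches_cert "$dir/$stem.crt" "$dir/$stem.prv" \
    || { echo "private key does not match certificate $stem" >&2; return 1; }
  openssl x509 -in "$dir/$stem.crt" -noout -checkend 0 >/dev/null \
    || { echo "certificate $stem has already expired" >&2; return 1; }
  install -d -m 0750 "$dest"
  install -m 0644 "$dir/$stem.crt" "$dest/server.crt"
  install -m 0600 "$dir/$stem.prv" "$dest/server.key"
}

# Usage (assumed destination): install_cert_pair "$WAAGENT_DIR" \
#   "$(find_cert_pairs "$WAAGENT_DIR" | head -n 1)" /etc/ssl/azure-keyvault
```

Private keys left in /var/lib/waagent remain there after installation, so restrict that directory to root and point the web server only at the copied files.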
Answer 2:

ssh-copy-id -i ~/.ssh/id_rsa.pub aht@myserver

But if you have rights to the VM but not the original key, you want to use azure vm reset-access to do so. It is in fact documented as a standalone ability:

help: -M, --ssh-key-file    path to public key PEM file or SSH Public key file for SSH authentication (valid only when os-type is "Linux")

Of course, it doesn't say what ELSE should happen here in order to ADD the key I provide to the currently running VM I'm targeting. But the result needs to be that if I specify a user that already exists, and there's a key already there, this one needs to be added to the directory.

You'll note that in Azure/azure-linux-extensions#295 (https://github.com/Azure/azure-linux-extensions/issues/295), the reporter believes that using azure vm set-extensions, then reset-access, is broken.

Update a Key Vault for use with VMs: set the deployment policy on an existing key vault with az keyvault update. The following updates the key vault named myKeyVault in the myResourceGroup resource group:

az keyvault update -n myKeyVault -g myResourceGroup --set properties.enabledForDeployment=true