@SpaceShot
Last active August 2, 2022 13:15
Creating a public/private key pair and storing in Azure

In the Azure Cloud Shell or Azure CLI

Set variables

RESOURCE_GROUP=cg-rsakeys-test
RESOURCE_GROUP_LOCATION=westus
KEY_VAULT_NAME=cg-rsakeys-test-kv

Create a resource group to use

az group create -l $RESOURCE_GROUP_LOCATION -n $RESOURCE_GROUP

View all resource groups

az group list -o table

# Alternative to filter down in a large subscription
az group list --query "[?starts_with(name,'cg')]" -o table

# Or to directly check on this one
az group list --query "[?name=='$RESOURCE_GROUP']" -o table

Create an SSH key as an Azure resource

az sshkey create --name "mySSHKey" --resource-group "$RESOURCE_GROUP"

Create an unencrypted private key with openssl

Snowflake-ready private key (per the Snowflake docs). See the openssl docs for more info.

openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

Create public key based on private key

See the Snowflake docs on the public key. Again, see the openssl docs.

openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

Note that ssh-keygen is also available in the bash shell in Azure Cloud Shell. If using the online shell, consider creating keys in the clouddrive. Not sure what the security considerations are per terminal instance.

Create a key vault

az keyvault create --location $RESOURCE_GROUP_LOCATION --name $KEY_VAULT_NAME --resource-group "$RESOURCE_GROUP"

Save the secrets to the vault

az keyvault secret set --vault-name $KEY_VAULT_NAME --name "PublicKey" --file rsa_key.pub
az keyvault secret set --vault-name $KEY_VAULT_NAME --name "PrivateKey" --file rsa_key.p8
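
Because rsa_key.p8 is written with -nocrypt, it sits on disk in the clear until it reaches the vault. The following is an added example, not part of the original gist: it checks the pair before upload, uploads without echoing the secret, and removes the local private key. The function names are hypothetical, and it assumes `az` is logged in, `KEY_VAULT_NAME` is set as above, and the vault copy is the one you intend to keep.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, file names come from the steps above.

# Succeeds only if $1 is an unencrypted PKCS#8 PEM private key that openssl can parse.
# An encrypted key starts with "BEGIN ENCRYPTED PRIVATE KEY" and is rejected here.
is_unencrypted_pkcs8() {
    head -n 1 "$1" | grep -qx -- '-----BEGIN PRIVATE KEY-----' &&
        openssl pkey -in "$1" -noout 2>/dev/null
}

# Succeeds only if public key file $2 is the public half of private key $1.
# Both sides are re-emitted by openssl so the comparison is on normalized PEM.
keypair_matches() {
    local derived stored
    derived=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    stored=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# Check the pair, upload both halves, then delete the local private key.
# Usage: store_keypair rsa_key.p8 rsa_key.pub
store_keypair() {
    local priv="$1" pub="$2"
    chmod 600 "$priv"    # owner-only while the key is still on disk
    is_unencrypted_pkcs8 "$priv" ||
        { echo "not an unencrypted PKCS#8 key: $priv" >&2; return 1; }
    keypair_matches "$priv" "$pub" ||
        { echo "public key does not match $priv" >&2; return 1; }
    # --output none keeps the CLI from printing the stored secret value
    # (the private key itself) to the terminal and its scrollback.
    az keyvault secret set --vault-name "$KEY_VAULT_NAME" \
        --name "PublicKey" --file "$pub" --output none &&
    az keyvault secret set --vault-name "$KEY_VAULT_NAME" \
        --name "PrivateKey" --file "$priv" --output none &&
    rm -f -- "$priv"     # only reached if both uploads succeeded
}
```
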