jrotello/Export-PfxCertificateFromKeyVault.ps1

## Export-PfxCertificateFromKeyVault.ps1
function Export-PfxCertificateFromKeyVault {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$KeyVaultName,

        [Parameter(Mandatory)]
        [string]$Name,

        [Parameter(Mandatory)]
        [securestring]$PfxPassword,

        [Parameter(Mandatory)]
        [FileInfo]$Filename
    )

    $kvCert = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $Name
    $base64Cert = Get-AzKeyVaultSecret -VaultName $kvCert.VaultName -Name $kvCert.Name -AsPlainText

    $x509Bytes = [Convert]::FromBase64String($base64Cert)
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable

    $x509 = New-Object `
        -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $x509Bytes, "", $flags

    $type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
    $pfxBytes = $x509.Export($type, $pw)

    [System.IO.File]::WriteAllBytes($Filename, $pfxBytes)
}
	function Export-PfxCertificateFromKeyVault {
	[CmdletBinding()]
	param (
	[Parameter(Mandatory)]
	[string]$KeyVaultName,

	[Parameter(Mandatory)]
	[string]$Name,

	[Parameter(Mandatory)]
	[securestring]$PfxPassword,

	[Parameter(Mandatory)]
	[FileInfo]$Filename
	)

	$kvCert = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $Name
	$base64Cert = Get-AzKeyVaultSecret -VaultName $kvCert.VaultName -Name $kvCert.Name -AsPlainText

	$x509Bytes = [Convert]::FromBase64String($base64Cert)
	$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable

	$x509 = New-Object `
	-TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
	-ArgumentList $x509Bytes, "", $flags

	$type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
	$pfxBytes = $x509.Export($type, $pw)

	[System.IO.File]::WriteAllBytes($Filename, $pfxBytes)
	}