Fetching certificate and its key from Azure KeyVault

fetch_cert_from_keyvault.py

"""Fetches cert and private key from specified keyvault using MSI auth
and stores these in specified folder."""

import os
from msrestazure.azure_active_directory import MSIAuthentication
from azure.keyvault import KeyVaultClient
from OpenSSL import crypto
import base64

import argparse


if __name__ == "__main__":

    parser = argparse.ArgumentParser(description=__doc__)

    parser.add_argument("--keyvault-uri")
    parser.add_argument("--cert-name")
    parser.add_argument("--out-cert")
    parser.add_argument("--out-key")
    args, kwargs = parser.parse_known_args()

    credentials = MSIAuthentication(resource='https://vault.azure.net')

    kv_client = KeyVaultClient(credentials)

    kv_uri = args.keyvault_uri

    ssl_cert = kv_client.get_secret(kv_uri,args.cert_name,"")
    
    pfx = crypto.load_pkcs12(base64.b64decode(ssl_cert.value))

    if args.out_cert:
        with os.fdopen(os.open(args.out_cert, os.O_WRONLY | os.O_CREAT, 0o600), 'wb') as cert_fp:
            cert_fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, pfx.get_certificate()))

    if args.out_key:
        with os.fdopen(os.open(args.out_key, os.O_WRONLY | os.O_CREAT, 0o600), 'wb') as key_fp:
            key_fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pfx.get_privatekey()))