Encrypted private key (PKCS#8) / PFX (PKCS#12) support in az cli for service principals
As it stands there are a few methods to authenticate service principals with a private key and certificate using PKCS#12 files which are documented below:
Using PowerShell on Windows - WORKS:
Using Terraform (azurerm 1.24.0) - WORKS:
What does not work is using az cli with an encrypted RSA private key in either PKCS#8 or PKCS#12 format and az cli is meant to be the strategic cross-platform tool for administering Azure. I have tested the functionality with an Azure Support Engineer who was very helpful with the testing and explained the current position. The az-cli documentation for that is below:
az-cli only accepts a Base64 encoded RSA private key in plaintext and not a private key in PKCS#5 / PKCS#8 format, i.e. an encrypted private key. It also doesn't accept a PKCS#12 key bundle which is what is supported by Terraform and PowerShell.
Seeing as az-cli relies on OpenSSL and Python libraries it should fairly simple for Microsoft to add the desired functionality to Azure CLI so that az cli is at parity with Terraform and PowerShell, so this is a request for that functionality.