ARM Template support for Certificates and Issuers
Currently KeyVault only supports adding new secrets using ARM templates.
Certificates are a common part of any service today, just like secrets, and I would like to be able to create them in my vault using my ARM templates.
Due to this limitation, currently my provisioning scripts are split into 3 parts (!):
1. ARM Template for preparation (create the KV)
2. PowerShell to create the certificates inside the KV
3. ARM Template for the remaining provisioning, which in some parts relies on getting the certificate private part (by accessing the "secret" entity on the KV)
This doesn't make sense.
At the very minimum, add this support for self-signed certificates, or for integrated CAs.
I can understand why for non-integrated CAs this might be more difficult to build a good UX.
Ethan Goff commented
Taken one step further, storing the certificate thumbprint (and perhaps other certificate properties) as properties of this kind of Key Vault Certificate ARM resource, and exposing those properties when calling the ARM Template reference() function, would make this kind of feature even more helpful.
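
The middle step of the three-part workaround described in the post, as an added example that is not part of the original thread: a PowerShell script using the Az module that creates a self-signed certificate in the vault, then passes only its thumbprint and secret URI to the final template. The vault, certificate, resource group, template file and template parameter names are hypothetical placeholders.

```powershell
# Added example; all names below are hypothetical placeholders.
param(
    [string]$VaultName     = 'example-kv',
    [string]$CertName      = 'example-service-cert',
    [string]$ResourceGroup = 'example-rg',
    [string]$TemplateFile  = './remaining-provisioning.json'
)

# Step 2: create a self-signed certificate inside the vault created by the first template.
$policy = New-AzKeyVaultCertificatePolicy `
    -SubjectName "CN=$CertName" `
    -IssuerName 'Self' `
    -ValidityInMonths 12 `
    -SecretContentType 'application/x-pkcs12'

Add-AzKeyVaultCertificate -VaultName $VaultName -Name $CertName `
    -CertificatePolicy $policy | Out-Null

# Certificate creation is asynchronous: poll the pending operation with a bounded wait.
$deadline = (Get-Date).AddMinutes(5)
do {
    Start-Sleep -Seconds 5
    $op = Get-AzKeyVaultCertificateOperation -VaultName $VaultName -Name $CertName
    if ($op.Status -eq 'failed') {
        throw "Certificate creation failed: $($op.ErrorMessage)"
    }
    if ((Get-Date) -gt $deadline) {
        throw "Timed out waiting for certificate '$CertName'"
    }
} while ($op.Status -ne 'completed')

$cert = Get-AzKeyVaultCertificate -VaultName $VaultName -Name $CertName

# Step 3: hand the thumbprint and the secret URI (not the private key itself)
# to the remaining template, which resolves the secret at deployment time.
$templateParams = @{
    certificateThumbprint = $cert.Thumbprint
    certificateSecretId   = $cert.SecretId
}

New-AzResourceGroupDeployment -ResourceGroupName $ResourceGroup `
    -TemplateFile $TemplateFile `
    -TemplateParameterObject $templateParams
```

Passing the secret URI rather than exporting the PFX keeps the private key out of the script's memory and logs; the identity running the final deployment still needs read access to that secret in the vault.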