G'morning. Looking for best practices for setting up an Azure app registration to be able to pull values from an Azure Key Vault. We'd like the app registration's service principal to use a cert to talk to the key vault. Doesn't look like the Pulumi Azure Native library supports that. There's some functionality for that in the Pulumi Azure Classic library, but it doesn't seem to have everything it needs there.
Anyone get the above scenario to work and, if so, how?