How can I import or query and use an existing App Service Certificate in my Pulumi script? I’ve spent the last few hours doing this, but unfortunately these attempts tend to produce errors rather than the desired result.

@mysterious-piano-88140 what are you looking to do with the certificate? How are you looking to use it? An App Service Certificate is stored in Key Vault by default, so if your plan is to use it for either a a web/function app or an APIM service, then you can reference it using a Key Vault reference. If this is what you are trying to do, I can show you an example (because I just finished setting this up).

So I already have a ready deployment that creates an Azure web app in Azure with a Docker container. Now I wanted to add the domain or DNS record to the existing deployment and also include the certificate in these processes. Unfortunately, I can’t find any examples for these two points, so it’s really difficult to get through them. I read about Azure KeyVault somewhere, but I didn’t understand it either. Therefore, I would be grateful if you could provide your example. And maybe you can also help me with the linking of my subdomain with the web app.

Are you using Azure DNS?

Yes

Sorry, I dropped the ball on this @mysterious-piano-88140

No problem. We bought the certificate from Azure and currently add it manually by hand in the Azure portal. I want to automate this with the code. However, I can’t find an example yet, which makes it more difficult to find out what I need.

Hm, are you sure? If you look in the certificate itself in the issuer field, doesn’t it say GoDaddy? Similar to this?

You are right. It’s issued by GoDaddy

OK, then you should be able to do something like this in your Pulumi program

Thank you very much! I’ll try this tomorrow or in the next few days and let you know if it worked.

From that, it’s often very easy to figure out how something should be specified in Pulumi

One thing that’s very helpful is, after you manually configure something in the portal, do “export template” for the web app and look at the resulting JSON

This is exactly what I always do, but every now and then the exported template differs from Pulumi. And it’s also not always clear what you can use from Pulumi. For example, look in the Azure Native documentation for

GetCertificate

. You’ll get tens of results and then you have to figure out what is the right one 😅

Yeah I know, it’s not easy… takes a while to automate this stuff. But then when you’re done, and you run it several times per day to spin up new environments, it pays off… hehe