Mssparkutils.credentials.getSecretWithLS to get Certificate and create CertificateCredential in Synapse
I need to create a CertificateCredential from azure.identity. I have a PKCS12 certificate saved in a Key Vault and I am reading it using mssparkutils with a LinkedService. The official documentation mentions that you can create a CertificateCredential with the private key byte data as follows:

    # Certificate/private key byte data can also be passed directly
    credential = CertificateCredential(
        tenant_id="<tenant_id>",
        client_id="<client_id>",
        certificate_data=b"<cert data>",
    )

I tried to use the certificate returned from mssparkutils, but the client creation fails with encode errors. I also tried to decode the certificate using base64, but it fails as it is not able to get the private key. The certificate is valid, as it has been used to get a token successfully; it is failing only when trying to use CertificateCredential.

    import base64
    import binascii
    from azure.identity import CertificateCredential
    from cryptography.hazmat.primitives.serialization import pkcs12
    from cryptography.hazmat.primitives import hashes, serialization

    # Read the certificate secret from Key Vault through the linked service
    certificate_data = mssparkutils.credentials.getSecretWithLS(linked_service_name, cert_name)
    # Base64-decode the secret and parse it as a PKCS12 bundle (no password)
    cert_bytes = base64.b64decode(certificate_data)
    private_key, certificate, additional_certificates = pkcs12.load_key_and_certificates(cert_bytes, None)
    # The decoded PKCS12 bytes are passed to the credential as they are
    credential = CertificateCredential(tenant_id=tenant_id, client_id=service_principal_id, certificate_data=cert_bytes)

I am running this code in a Synapse Workspace. Could you guide me on how to properly encode the certificate to create a CertificateCredential? It is required to use CertificateCredential.