Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Don't miss out! 2025 Microsoft Fabric Community Conference, March 31 - April 2, Las Vegas, Nevada. Use code MSCUST for a $150 discount. Prices go up February 11th. Register now.

Reply
aortega1313
Regular Visitor

How to sign my custom connector (PQX) with Azure Key Vault

Hi Everyone,

 

I am looking for some help to know if there is a way to sign the PQX (custom connector) using Azure Key Vault and AzureSignTool.

Is there any existing way? 

 

I know how to sign the connector with the MakePQX, but for now, it is not an alternative to use a PFX format for the certificate. 

 

Thank you, 

 

Regards.

 

3 REPLIES 3
v-xinruzhu-msft
Community Support
Community Support

Hi @aortega1313 

Based on your description, you can refer to the following link.

How to sign code built using Azure Pipelines using a certificate/key in Azure Key Vault? - Stack Ove...

It offer some suggestion about it.

 

Best Regards!

Yolo Zhu

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

aortega1313
Regular Visitor

Hi @FarhanJeelani!

Thanks for the help. I made the test but I'm receive the next error.

The file cannot be signed because it is not a recognized file type for signing or it is corrupt.

I'm using the next project with this command:  https://github.com/vcsjones/AzureSignTool

 

 

AzureSignTool.exe sign -du "https://vcsjones.com" \
  -fd sha256 -kvu https://my-vault.vault.azure.net \
  -kvi 01234567-abcd-ef012-0000-0123456789ab \
  -kvt 01234567-abcd-ef012-0000-0123456789ab \
  -kvs <token> \
  -kvc my-key-name \
  -tr http://timestamp.digicert.com \
  -v \
  C:\connector.pqx

 

Should I use a different version or another project?

FarhanJeelani
Super User
Super User

Hi @aortega1313 ,

Yes, you can sign a Power Query Custom Connector (PQX) using Azure Key Vault and AzureSignTool. Here's how:

  1. Store your certificate in Azure Key Vault and ensure it's accessible.

  2. Grant your service principal or user the necessary permissions to access the certificate in Key Vault (e.g., Key Vault Sign permission).

  3. Install AzureSignTool on your machine.

  4. Use the AzureSignTool to sign the PQX file by pointing it to the certificate in Azure Key Vault with the following command:

    AzureSignTool sign /fd sha256 /a /v /sha256 <certificate-thumbprint> /kvc <keyvault-name> <path-to-pqx>

This will sign your PQX file using the certificate stored in Azure Key Vault, without needing to use MakePQX for the certificate.

 

Please mark this as solution if it helps. Appreciate Kudos.

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Jan25PBI_Carousel

Power BI Monthly Update - January 2025

Check out the January 2025 Power BI update to learn about new features in Reporting, Modeling, and Data Connectivity.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.