Execute PowerShell script after renewal

I've been banging my head against the wall about this for a while. I've got some Azure Key Vault devices that get a new certificate after renewal. After that certificate is updated in the Key Vault, I need to execute a PowerShell script to deploy the certificate to numerous types of PaaS resources. Kind of in the same way you can bind to a web application natively in Venafi, but for things like Kubernetes.

I really have no idea how to get started with this. I thought an adaptable workflow applied to the policy with these devices would work but I don't really think that's the right solution....

I could create an Azure Function with an email trigger from the renewal email but that's a bit janky as well.

The only other thing I can think of is jobs that check the Key Vault for a new cert every night, but I'd really like Venafi to initiate this.


