MicrosoftDocs
diff --git a/‎articles/key-vault/certificates/quick-create-python.md
Lines changed: 59 additions & 18 deletions b/‎articles/key-vault/certificates/quick-create-python.md
Lines changed: 59 additions & 18 deletions
@@ -3,34 +3,36 @@ title: Quickstart – Azure Key Vault Python client library – manage certifica
 description: Learn how to create, retrieve, and delete certificates from an Azure key vault using the Python client library
 author: msmbaldwin
 ms.author: mbaldwin
-ms.date: 01/22/2022
+ms.date: 02/03/2023
 ms.service: key-vault
 ms.subservice: certificates
 ms.topic: quickstart
 ms.devlang: python
-ms.custom: devx-track-python, devx-track-azurecli, mode-api
+ms.custom: devx-track-python, devx-track-azurecli, mode-api, passwordless-python
 ---
 
 # Quickstart: Azure Key Vault certificate client library for Python
 
-Get started with the Azure Key Vault certificate client library for Python. Follow the steps below to install the package and try out example code for basic tasks. By using Key Vault to store certificates, you avoid storing certificates in your code, which increases the security of your app.
+Get started with the Azure Key Vault certificate client library for Python. Follow these steps to install the package and try out example code for basic tasks. By using Key Vault to store certificates, you avoid storing certificates in your code, which increases the security of your app.
 
 [API reference documentation](/python/api/overview/azure/keyvault-certificates-readme) | [Library source code](https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/keyvault/azure-keyvault-certificates) | [Package (Python Package Index)](https://pypi.org/project/azure-keyvault-certificates)
 
 ## Prerequisites
 
 - An Azure subscription - [create one for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
-- [Python 2.7+ or 3.6+](/azure/developer/python/configure-local-development-environment)
+- [Python 3.7+](/azure/developer/python/configure-local-development-environment)
 - [Azure CLI](/cli/azure/install-azure-cli)
 
-This quickstart assumes you are running [Azure CLI](/cli/azure/install-azure-cli) in a Linux terminal window.
+This quickstart assumes you're running [Azure CLI](/cli/azure/install-azure-cli) or [Azure PowerShell](/powershell/azure/install-az-ps) in a Linux terminal window.
 
 ## Set up your local environment
 
-This quickstart is using Azure Identity library with Azure CLI to authenticate user to Azure Services. Developers can also use Visual Studio or Visual Studio Code to authenticate their calls, for more information, see [Authenticate the client with Azure Identity client library](/python/api/overview/azure/identity-readme)
+This quickstart uses the Azure Identity library with Azure CLI or Azure PowerShell to authenticate the user to Azure services. Developers can also use Visual Studio or Visual Studio Code to authenticate their calls. For more information, see [Authenticate the client with Azure Identity client library](/python/api/overview/azure/identity-readme).
 
 ### Sign in to Azure
 
+### [Azure CLI](#tab/azure-cli)
+
 1. Run the `login` command.
 
     ```azurecli-interactive
@@ -44,6 +46,23 @@ This quickstart is using Azure Identity library with Azure CLI to authenticate u
 
 2. Sign in with your account credentials in the browser.
 
+### [Azure PowerShell](#tab/azure-powershell)
+
+1. Run the `Connect-AzAccount` command.
+
+    ```azurepowershell
+    Connect-AzAccount
+    ```
+
+    If PowerShell can open your default browser, it will do so and load an Azure sign-in page.
+
+    Otherwise, open a browser page at [https://aka.ms/devicelogin](https://aka.ms/devicelogin) and enter the
+    authorization code displayed in your terminal.
+
+2. Sign in with your account credentials in the browser.
+
+---
+
 ### Install the packages
 
 1. In a terminal or command prompt, create a suitable project folder, and then create and activate a Python virtual environment as described on [Use Python virtual environments](/azure/developer/python/configure-local-development-environment?tabs=cmd#use-python-virtual-environments)
@@ -73,10 +92,20 @@ This quickstart is using Azure Identity library with Azure CLI to authenticate u
 
 Create an access policy for your key vault that grants certificate permission to your user account
 
+### [Azure CLI](#tab/azure-cli)
+
 ```azurecli
 az keyvault set-policy --name <your-unique-keyvault-name> --upn [email protected] --certificate-permissions delete get list create
 ```
 
+### [Azure PowerShell](#tab/azure-powershell)
+
+```azurepowershell
+Set-AzKeyVaultAccessPolicy -VaultName "<your-unique-keyvault-name>" -UserPrincipalName "[email protected]" -PermissionsToCertificates delete,get,list,create
+```
+
+---
+
 ## Create the sample code
 
 The Azure Key Vault certificate client library for Python allows you to manage certificates. The following code sample demonstrates how to create a client, set a certificate, retrieve a certificate, and delete a certificate.
@@ -85,7 +114,7 @@ Create a file named *kv_certificates.py* that contains this code.
 
 ```python
 import os
-from azure.keyvault.certificates import CertificateClient, CertificatePolicy,CertificateContentType, WellKnownIssuerNames 
+from azure.keyvault.certificates import CertificateClient, CertificatePolicy
 from azure.identity import DefaultAzureCredential
 
 keyVaultName = os.environ["KEY_VAULT_NAME"]
@@ -125,16 +154,18 @@ Make sure the code in the previous section is in a file named *kv_certificates.p
 python kv_certificates.py
 ```
 
-- If you encounter permissions errors, make sure you ran the [`az keyvault set-policy` command](#grant-access-to-your-key-vault).
-- Re-running the code with the same key name may produce the error, "(Conflict) Certificate \<name\> is currently in a deleted but recoverable state." Use a different key name.
+- If you encounter permissions errors, make sure you ran the [`az keyvault set-policy` or `Set-AzKeyVaultAccessPolicy` command](#grant-access-to-your-key-vault).
+- Rerunning the code with the same key name may produce the error, "(Conflict) Certificate \<name\> is currently in a deleted but recoverable state." Use a different key name.
 
 ## Code details
 
 ### Authenticate and create a client
 
-In this quickstart, logged in user is used to authenticate to key vault, which is preferred method for local development. For applications deployed to Azure, managed identity should be assigned to App Service or Virtual Machine, for more information, see [Managed Identity Overview](../../active-directory/managed-identities-azure-resources/overview.md).
+Application requests to most Azure services must be authorized. Using the [DefaultAzureCredential](/python/api/azure-identity/azure.identity.defaultazurecredential) class provided by the [Azure Identity client library](/python/api/overview/azure/identity-readme) is the recommended approach for implementing passwordless connections to Azure services in your code. `DefaultAzureCredential` supports multiple authentication methods and determines which method should be used at runtime. This approach enables your app to use different authentication methods in different environments (local vs. production) without implementing environment-specific code. 
+
+In this quickstart, `DefaultAzureCredential` authenticates to key vault using the credentials of the local development user logged into the Azure CLI. When the application is deployed to Azure, the same `DefaultAzureCredential` code can automatically discover and use a managed identity that is assigned to an App Service, Virtual Machine, or other services. For more information, see [Managed Identity Overview](/azure/active-directory/managed-identities-azure-resources/overview).
 
-In below example, the name of your key vault is expanded to the key vault URI, in the format `https://\<your-key-vault-name\>.vault.azure.net`. This example is using  ['DefaultAzureCredential()'](/python/api/azure-identity/azure.identity.defaultazurecredential) class, which allows to use the same code across different environments with different options to provide identity. For more information, see [Default Azure Credential Authentication](/python/api/overview/azure/identity-readme). 
+In the example code, the name of your key vault is expanded to the key vault URI, in the format `https://\<your-key-vault-name>.vault.azure.net`. 
 
 ```python
 credential = DefaultAzureCredential()
@@ -143,34 +174,34 @@ client = CertificateClient(vault_url=KVUri, credential=credential)
 
 ### Save a certificate
 
-Once you've obtained the client object for the key vault, you can create a certificate using the [begin_create_certificate](/python/api/azure-keyvault-certificates/azure.keyvault.certificates.certificateclient?#begin-create-certificate-certificate-name--policy----kwargs-) method: 
+Once you've obtained the client object for the key vault, you can create a certificate using the [begin_create_certificate](/python/api/azure-keyvault-certificates/azure.keyvault.certificates.certificateclient#azure-keyvault-certificates-certificateclient-begin-create-certificate) method: 
 
 ```python
 policy = CertificatePolicy.get_default()
 poller = client.begin_create_certificate(certificate_name=certificateName, policy=policy)
 certificate = poller.result()
 ```
 
-Here, the certificate requires a policy obtained with the [CertificatePolicy.get_default](/python/api/azure-keyvault-certificates/azure.keyvault.certificates.certificatepolicy?#get-default--) method.
+Here, the certificate requires a policy obtained with the [CertificatePolicy.get_default](/python/api/azure-keyvault-certificates/azure.keyvault.certificates.certificatepolicy#azure-keyvault-certificates-certificatepolicy-get-default) method.
 
 Calling a `begin_create_certificate` method generates an asynchronous call to the Azure REST API for the key vault. The asynchronous call returns a poller object. To wait for the result of the operation, call the poller's `result` method.
 
-When handling the request, Azure authenticates the caller's identity (the service principal) using the credential object you provided to the client.
+When Azure handles the request, it authenticates the caller's identity (the service principal) using the credential object you provided to the client.
 
 
 ### Retrieve a certificate
 
-To read a certificate from Key Vault, use the [get_certificate](/python/api/azure-keyvault-certificates/azure.keyvault.certificates.certificateclient?#get-certificate-certificate-name----kwargs-) method:
+To read a certificate from Key Vault, use the [get_certificate](/python/api/azure-keyvault-certificates/azure.keyvault.certificates.certificateclient#azure-keyvault-certificates-certificateclient-get-certificate) method:
 
 ```python
 retrieved_certificate = client.get_certificate(certificateName)
  ```
 
-You can also verify that the certificate has been set with the Azure CLI command [az keyvault certificate show](/cli/azure/keyvault/certificate?#az-keyvault-certificate-show).
+You can also verify that the certificate has been set with the Azure CLI command [az keyvault certificate show](/cli/azure/keyvault/certificate?#az-keyvault-certificate-show) or the Azure PowerShell cmdlet [Get-AzKeyVaultCertificate](/powershell/module/az.keyvault/get-azkeyvaultcertificate)
 
 ### Delete a certificate
 
-To delete a certificate, use the [begin_delete_certificate](/python/api/azure-keyvault-certificates/azure.keyvault.certificates.certificateclient?#begin-delete-certificate-certificate-name----kwargs-) method:
+To delete a certificate, use the [begin_delete_certificate](/python/api/azure-keyvault-certificates/azure.keyvault.certificates.certificateclient#azure-keyvault-certificates-certificateclient-begin-delete-certificate) method:
 
 ```python
 poller = client.begin_delete_certificate(certificateName)
@@ -179,7 +210,7 @@ deleted_certificate = poller.result()
 
 The `begin_delete_certificate` method is asynchronous and returns a poller object. Calling the poller's `result` method waits for its completion.
 
-You can verify that the certificate is deleted with the Azure CLI command [az keyvault certificate show](/cli/azure/keyvault/certificate?#az-keyvault-certificate-show).
+You can verify that the certificate is deleted with the Azure CLI command [az keyvault certificate show](/cli/azure/keyvault/certificate#az-keyvault-certificate-show) or the Azure PowerShell cmdlet [Get-AzKeyVaultCertificate](/powershell/module/az.keyvault/get-azkeyvaultcertificate).
 
 Once deleted, a certificate remains in a deleted but recoverable state for a time. If you run the code again, use a different certificate name.
 
@@ -189,10 +220,20 @@ If you want to also experiment with [secrets](../secrets/quick-create-python.md)
 
 Otherwise, when you're finished with the resources created in this article, use the following command to delete the resource group and all its contained resources:
 
+### [Azure CLI](#tab/azure-cli)
+
 ```azurecli
 az group delete --resource-group myResourceGroup
 ```
 
+### [Azure PowerShell](#tab/azure-powershell)
+
+```azurepowershell
+Remove-AzResourceGroup -Name myResourceGroup
+```
+
+---
+
 ## Next steps
 
 - [Overview of Azure Key Vault](../general/overview.md)