Adding doc

Author: Nirjan Chapagain

src/VirtualClient/VirtualClient.Core/KeyVaultManager.cs

@@ -220,8 +220,8 @@ public async Task<X509Certificate2> GetCertificateAsync(
 
             var credentials = ((DependencyKeyVaultStore)this.StoreDescription).Credentials;
 
-            CertificateClient certificateClient = this.CreateCertificateClient(vaultUri, credentials);
-            SecretClient secretClient = this.CreateSecretClient(vaultUri, credentials);
+            CertificateClient certificateClient = this.CreateCertificateClient(vaultUri, credentials); // For public cert.
+            SecretClient secretClient = this.CreateSecretClient(vaultUri, credentials); // For private cert (PFX)
 
             try
             {

src/VirtualClient/VirtualClient.Dependencies/CertificateInstallation.cs

@@ -151,7 +151,6 @@ protected override async Task ExecuteAsync(EventContext telemetryContext, Cancel
 
                     string certificatePath = this.Combine(this.CertificateDownloadDir, certificateFileName);
 
-                    // Delete existing certificate file
                     if (this.fileSystem.File.Exists(certificatePath))
                     {
                         this.fileSystem.File.Delete(certificatePath);
@@ -279,22 +278,5 @@ protected IKeyVaultManager GetKeyVaultManager()
                     $"Either valid --KeyVault or --Token or --TokenPath must be passed in order to set up authentication with Key Vault.");
             }
         }
-
-        /// <summary>
-        /// Tries to get certificate data, returning null if an exception occurs.
-        /// </summary>
-        private byte[] TryGetCertData(Func<byte[]> getCertData)
-        {
-            try
-            {
-                return getCertData();
-            }
-            catch (Exception exc)
-            {
-                Console.WriteLine(exc.ToString());
-                Console.WriteLine("\n\n\n\n=================================================================================\n");
-                return null;
-            }
-        }
     }
 }

website/docs/guides/0010-command-line.md

@@ -155,6 +155,7 @@ The following tables describe the various subcommands that are supported by the
   | --key-vault, --kv=\<keyVaultUri\>                               | No*      | uri                          | Azure Key Vault URI to source the certificate from (e.g. `https://myvault.vault.azure.net/`). Required when doing **certificate bootstrapping**. |
   | --token, --access-token=\<accessToken\>                         | No       | string                       | Optional access token used to authenticate to Key Vault when installing certificates. If not provided, Virtual Client uses the default Azure credential flow (e.g. Azure CLI, Managed Identity, etc.). |
   | --tenant-Id, --tid=\<tenantId\>                                 | No       | string                       | Azure Active Directory tenant ID used for authentication. |
+  | --certificateDownloadDir                                        | No       | string                       | Directory path where downloaded certificates can also be stored. |
   | --c, --client-id=\<id\>                                         | No       | string/text                  | Identifier to uniquely identify the instance (telemetry correlation). |
   | --clean=\<target,target...\>                                    | No       | string                       | Perform an initial cleanup (logs/packages/state/temp/all). |
   | --cs, --content, --content-store=\<connection\>                 | No       | string/connection string/SAS | Storage connection for uploading files/content (e.g. logs). |