# cert stored in KeyVault
$orgName = "orgname"
$tenant = "$orgName.onmicrosoft.com"
$adminUrl = "https://$orgName-admin.sharepoint.com"
$clientID = "xxxx5b29-xx3d-xx0d-9axx-exxxxxxxxxfx"
$VaultName = 'AutomationVaultName'
$certName = 'CertificateName'
$secretSecureString = Get-AzKeyVaultSecret -VaultName $vaultName -Name $certName
$secretPlainText = ConvertFrom-SecureString -AsPlainText -SecureString $secretSecureString.SecretValue
$secretByte = [Convert]::FromBase64String($secretPlainText)
$x509Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($secretByte, "", "Exportable,PersistKeySet")
Connect-PnPOnline -Url $adminUrl -ClientId $clientID -Certificate $x509Cert -Tenant $tenant
Based on: