Yes, the value that we receive from the Azure Key Vault should contain both certificate and key in this format:

— — -BEGIN RSA PRIVATE KEY — — -
…
— — -END RSA PRIVATE KEY — — -
— — -BEGIN CERTIFICATE — — -
…
— — -END CERTIFICATE — — -

Make sure that when you generate the self-signed certificate on Azure Key Vault, its content type is set to pem as the following example code in Terraform:

secret_properties {
content_type = “application/x-pem-file”
}