From b2019bde6f3cadd6510fcf3d427a37333641f2d4 Mon Sep 17 00:00:00 2001
From: Jack OBrien <obri.jack.02@gmail.com>
Date: Tue, 4 Nov 2025 21:59:55 +1000
Subject: [PATCH] {Keyvault} `az keyvault key sign`: Document base64
 requirement for digest

---
 src/azure-cli/azure/cli/command_modules/keyvault/_help.py   | 4 ++--
 src/azure-cli/azure/cli/command_modules/keyvault/_params.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/azure-cli/azure/cli/command_modules/keyvault/_help.py b/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
index 4a15e041ad6..525b4c5b159 100644
--- a/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
+++ b/src/azure-cli/azure/cli/command_modules/keyvault/_help.py
@@ -379,7 +379,7 @@
 examples:
   - name: Create a signature from a digest using keyvault's key.
     text: |
-        az keyvault key sign --name mykey --vault-name myvault --algorithm RS256 --digest "12345678901234567890123456789012"
+        az keyvault key sign --name mykey --vault-name myvault --algorithm RS256 --digest "rsBwZF/lPuOzdjBZN2E08FjMM3JHyXit0Xi2zN+wAZ8="
 """
 
 helps['keyvault key verify'] = """
@@ -388,7 +388,7 @@
 examples:
   - name: Verify a signature using keyvault's key.
     text: |
-        az keyvault key verify --name mykey --vault-name myvault --algorithm RS256 --digest "12345678901234567890123456789012" --signature XXXYYYZZZ
+        az keyvault key verify --name mykey --vault-name myvault --algorithm RS256 --digest "rsBwZF/lPuOzdjBZN2E08FjMM3JHyXit0Xi2zN+wAZ8=" --signature XXXYYYZZZ
 """
 
 helps['keyvault key backup'] = """
diff --git a/src/azure-cli/azure/cli/command_modules/keyvault/_params.py b/src/azure-cli/azure/cli/command_modules/keyvault/_params.py
index 6285496aed9..a9559c8a299 100644
--- a/src/azure-cli/azure/cli/command_modules/keyvault/_params.py
+++ b/src/azure-cli/azure/cli/command_modules/keyvault/_params.py
@@ -426,7 +426,7 @@ class CLISecurityDomainOperation(str, Enum):
         with self.argument_context('keyvault key {}'.format(scope)) as c:
             c.argument('algorithm', options_list=['--algorithm', '-a'], arg_type=get_enum_type(SignatureAlgorithm),
                        help='Algorithm identifier')
-            c.argument('digest', help='The value to sign')
+            c.argument('digest', help='The value to sign (base64 encoded)')
             c.argument('signature', help='signature to verify')
 
     with self.argument_context('keyvault key random') as c: