Using a certificate instead of a client secret

[mikez]

In the Entra admin center it says "For a higher level of assurance, we recommend using a certificate (instead of a client secret) as a credential".

Is this something that the "identity" library or "msal" can help with?
Here's a reference:
https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials

[rayluo]

By default, this web app sample demonstrates reading client_credential from an ENV VAR which is typically a client secret string.
However, if you somehow organize your certificate information in the format described by msal.ConfidentialClientApplication's client_credential parameter, this sample is expected to use that certificate. You can give it a try.