For the difference between Keys, Secrets, and Certificates, please refer to Azure Key Vault documentation, under Object Types:
Think of Secrets as passwords and connection strings. Keys are cryptographic keys that can be generated using various algorithms. And Certificates are keys (or key pairs) with optional policies such as auto rotation.
There is an advantage in authenticating using a certificate instead of a secret. The advantage is a certificate has a private and a public key part. The recipient of your API call can authenticate who you are using only the public portion of your certificate, while you safely safeguard the private part in your key vault. Secrets are shared between calling and called parties and are transmitted over the wire, and therefore there are more opportunities for them to leak.
