How can we improve Azure API Management?

← API Management

Integration with Azure KeyVault

Currently, we store sensitive information in API Portal - Properties and use them as {{key}}

Provide integration of Azure KeyVault so that sensitive information can be stored in Azure KeyVault and allow using it inside API methods or policies like {{vault:key}}

By this feature, we will be able to centralize all the keys in the Azure KeyVault and use Properties only for non-sensitive information.

384 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Puneet Ghanshani shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

9 comments

Attach a File
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Chad commented  ·   ·  Flag as inappropriate

    An important item to track here would be to support the KeyVault Sign operation for HSM backed Certificates used for backend mutual authentication (AKA Private Key Non Exportable + RSA-HSM ). This would important so Backend gateway "client cert" credentials can be used for mutual authentication in FIPS compliant fashion with the native KeyVault integration.

  • Gert Vloo commented  ·   ·  Flag as inappropriate

    Is there some update on this request?
    I would like to link a property to a key-vault, like how it is done in api-apps with the settings. That way the use of properties in policies stays the same and the costs of querying the key-vault are reduced.

    Example: @Microsoft.KeyVault(SecretUri=https://KEYVAULTNAME.vault.azure.net/secrets/VERYSECREDPASSWORD)

  • Kris Akins commented  ·   ·  Flag as inappropriate

    Support for certificates is good, but will there general support for key vault secrets, such as JWT signing keys?

  • Jorge Cruz commented  ·   ·  Flag as inappropriate

    Include the ability to retrieve Secrets from key vault and leverage them within Azure APIM Policy

  • Anonymous commented  ·   ·  Flag as inappropriate

    include ARM template integration, it's a nightmare now having to do base64 encoding and pass files -- would be better to pass a keyvault URI or resource reference

  • Dan Byrne commented  ·   ·  Flag as inappropriate

    We also request to have the API Management Subscription Keys stored in KeyVault for security purposes

  • Erik Oppedijk commented  ·   ·  Flag as inappropriate

    And please add a way to connect to different keyvaults, when using multiple tenants (dev/test/prod)

API Management: Integration

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice