Integration with Azure KeyVault
Currently, we store sensitive information in API Portal - Properties and use them as {{key}}.
Provide integration with Azure KeyVault so that sensitive information can be stored in Azure KeyVault and used inside API methods or policies like {{vault:key}}.
With this feature, we will be able to centralize all the keys in the Azure KeyVault and use Properties only for non-sensitive information.

13 comments
-
Anonymous commented
Enhance data protection and compliance. Secure key management is essential to protect data in the cloud. Use Azure Key Vault to encrypt keys and small secrets.
-
Galin Iliev commented
While we are working on a less laborious solution, here is an example of how it can be achieved with a policy
-
Apurv Chandra commented
Key Vault being the standard solution for certificates and sensitive information, anywhere these are required the capability should be there to pull them directly.
See it as planned, when is this being released?
-
Chad commented
An important item to track here would be to support the KeyVault Sign operation for HSM-backed certificates used for backend mutual authentication (AKA Private Key Non Exportable + RSA-HSM). This would be important so backend gateway "client cert" credentials can be used for mutual authentication in a FIPS-compliant fashion with the native KeyVault integration.
-
Jeroen de Sitter commented
I want to be able to create a named value and store a secret that cannot be retrieved by anyone. Right now these named values can be read by anyone in the portal. We want to make them completely invisible after they are filled out.
-
Gert Vloo commented
Is there some update on this request?
I would like to link a property to a key vault, like how it is done in API apps with the settings. That way the use of properties in policies stays the same and the costs of querying the key vault are reduced. Example: @Microsoft.KeyVault(SecretUri=https://KEYVAULTNAME.vault.azure.net/secrets/VERYSECREDPASSWORD)
-
Kris Akins commented
Support for certificates is good, but will there be general support for key vault secrets, such as JWT signing keys?
-
Jorge Cruz commented
Include the ability to retrieve secrets from Key Vault and leverage them within Azure APIM policy.
-
Anonymous commented
Include ARM template integration, it's a nightmare now having to do base64 encoding and pass files -- would be better to pass a keyvault URI or resource reference.
-
Laurent Lesle commented
+ key rotation
-
Alec Massey commented
This is a definite must for Azure - AWS already offers this kind of integration.
-
Dan Byrne commented
We also request to have the API Management Subscription Keys stored in KeyVault for security purposes.
-
Erik Oppedijk commented
And please add a way to connect to different key vaults when using multiple tenants (dev/test/prod).