How can we improve Azure API Management?

← API Management

Integration with Azure KeyVault

Currently, we store sensitive information in API Portal - Properties and use them as {{key}}

Provide integration of Azure KeyVault so that sensitive information can be stored in Azure KeyVault and allow using it inside API methods or policies like {{vault:key}}

By this feature, we will be able to centralize all the keys in the Azure KeyVault and use Properties only for non-sensitive information.

426 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Puneet Ghanshani shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

11 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Apurv Chandra commented  ·   ·  Flag as inappropriate

    Key vault being the standard solution for certificates and sensitive information, anywhere these are required the capability should be there to pull it directly.

    See it as planned, when is the this being released?

  • Chad commented  ·   ·  Flag as inappropriate

    An important item to track here would be to support the KeyVault Sign operation for HSM backed Certificates used for backend mutual authentication (AKA Private Key Non Exportable + RSA-HSM ). This would important so Backend gateway "client cert" credentials can be used for mutual authentication in FIPS compliant fashion with the native KeyVault integration.

  • Jeroen de Sitter commented  ·   ·  Flag as inappropriate

    I want to be able to create a named value and store a secret that cannot be retreived by anyone. Right now these named values can be read by anyone in the portal. We want to make them completely invisible after they are filled out.

  • Gert Vloo commented  ·   ·  Flag as inappropriate

    Is there some update on this request?
    I would like to link a property to a key-vault, like how it is done in api-apps with the settings. That way the use of properties in policies stays the same and the costs of querying the key-vault are reduced.

    Example: @Microsoft.KeyVault(SecretUri=https://KEYVAULTNAME.vault.azure.net/secrets/VERYSECREDPASSWORD)

  • Kris Akins commented  ·   ·  Flag as inappropriate

    Support for certificates is good, but will there general support for key vault secrets, such as JWT signing keys?

  • Jorge Cruz commented  ·   ·  Flag as inappropriate

    Include the ability to retrieve Secrets from key vault and leverage them within Azure APIM Policy

  • Anonymous commented  ·   ·  Flag as inappropriate

    include ARM template integration, it's a nightmare now having to do base64 encoding and pass files -- would be better to pass a keyvault URI or resource reference

  • Dan Byrne commented  ·   ·  Flag as inappropriate

    We also request to have the API Management Subscription Keys stored in KeyVault for security purposes

  • Erik Oppedijk commented  ·   ·  Flag as inappropriate

    And please add a way to connect to different keyvaults, when using multiple tenants (dev/test/prod)

API Management: Integration

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice