Reader roles should not be able to see subscription keys
Currently, users assigned the "Reader" or "Monitoring Reader" role are able to reveal subscription keys in the API Management portal. As is the case with other Azure products, secrets should not be accessible to members of these roles.
We will introduce a new version of the management API that would “hide” secrets from “reader” users. We will also introduce an explicit gesture to disable older versions of the API on a per API Management service instance basis.
Jeroen de Sitter commented
any idea when you will introduce this?