Read Key Vault value in policy with Azure API Management

  • Question

  • Is it possible to read a value saved in Key Vault, or a Key Vaulted value in Named Values?


    Managed Identities have been enabled in APIM, and a Secret is created in Key Vault.


        <policies>
            <inbound>
                <base />
                <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Error:" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true">
                    <openid-config url="https://xxx" />
                    <audiences>
                        <audience>read it from Key Vault, or Key Vaulted value in Named Values</audience>
                    </audiences>
                    <issuers>
                        <issuer>https://openid-connect-eu.onelogin.com/oidc</issuer>
                    </issuers>
                </validate-jwt>
            </inbound>
            <backend>
                <base />
            </backend>
            <outbound>
                <base />
            </outbound>
            <on-error>
                <base />
            </on-error>
        </policies>

    The links below seem relevant, but I wonder if there is simpler code, like the one line of code that is used for Azure Functions.


    https://madeofstrings.com/2019/06/13/azure-api-management-key-vault-and-managed-identities/

    https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-use-managed-service-identity



    Wednesday, July 17, 2019 3:52 PM

All replies

  • The way it is mentioned in the article is correct. You can use it like an Azure Function.

    Retrieving a secret using send-request policy:

    <send-request mode="new" response-variable-name="secretResponse" timeout="20" ignore-error="false">
      <set-url>{{vaultBaseUrl}}/secrets/{{secret-name}}/?api-version=7.0</set-url>
      <set-method>GET</set-method>
      <authentication-managed-identity resource="https://vault.azure.net" />
    </send-request>

    Wednesday, July 17, 2019 4:25 PM
    Moderator
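
An added example, not part of the thread or of either poster's code: the reply's send-request combined with the question's validate-jwt, so the audience comes from Key Vault, is cached, and the request fails closed if the secret cannot be read. The Named Values `vaultBaseUrl` and `jwt-audience-secret-name`, the cache key `jwt-audience`, and the variables `kvResponse` and `jwtAudience` are assumed names.

```xml
<!-- Added example. Assumed names: Named Values vaultBaseUrl and jwt-audience-secret-name,
     cache key "jwt-audience", context variables kvResponse and jwtAudience. -->
<inbound>
    <base />
    <!-- Look in the APIM cache first so Key Vault is not called on every request. -->
    <cache-lookup-value key="jwt-audience" variable-name="jwtAudience" />
    <choose>
        <when condition="@(!context.Variables.ContainsKey("jwtAudience"))">
            <send-request mode="new" response-variable-name="kvResponse" timeout="20" ignore-error="false">
                <set-url>{{vaultBaseUrl}}/secrets/{{jwt-audience-secret-name}}/?api-version=7.0</set-url>
                <set-method>GET</set-method>
                <authentication-managed-identity resource="https://vault.azure.net" />
            </send-request>
            <choose>
                <!-- Fail closed: without the expected audience the token must not be accepted. -->
                <when condition="@(((IResponse)context.Variables["kvResponse"]).StatusCode != 200)">
                    <return-response>
                        <set-status code="500" reason="Internal Server Error" />
                    </return-response>
                </when>
            </choose>
            <!-- Key Vault answers with JSON; the secret itself is in the "value" property. -->
            <set-variable name="jwtAudience" value="@(((IResponse)context.Variables["kvResponse"]).Body.As<JObject>()["value"].ToString())" />
            <cache-store-value key="jwt-audience" value="@((string)context.Variables["jwtAudience"])" duration="300" />
        </when>
    </choose>
    <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Error:" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true">
        <openid-config url="https://xxx" />
        <audiences>
            <audience>@((string)context.Variables["jwtAudience"])</audience>
        </audiences>
        <issuers>
            <issuer>https://openid-connect-eu.onelogin.com/oidc</issuer>
        </issuers>
    </validate-jwt>
</inbound>
```

The APIM managed identity needs Get permission on secrets in the vault. The cache duration (300 seconds here, an arbitrary choice) bounds how long a changed secret takes to reach the gateway.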