How to mask or hide the OCP APIM subscription key from being displayed in the Azure portal

Nagender Tipparna 0 Reputation points
2024-04-24T16:34:48.1166667+00:00

Can we hide/mask the OCP APIM subscription key, which is called from Key Vault, from being displayed in Azure portal APIM policies?

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.

1 answer

  1. James Hamil 21,851 Reputation points Microsoft Employee
    2024-04-30T19:58:03.8733333+00:00

    Hi @Nagender Tipparna, I haven't tested it, but you should be able to hide/mask the OCP APIM subscription key in Azure portal APIM policies by using named values. Named values are a way to store and reference values in your APIM policies without exposing them in plain text.

    Here are the high-level steps to use named values to hide/mask the OCP APIM subscription key:

    1. Create a named value for the OCP APIM subscription key in your APIM instance.
    2. Store the OCP APIM subscription key in Azure Key Vault.
    3. Reference the named value in your APIM policies instead of the OCP APIM subscription key.

    Here's an example policy that shows how to use named values to reference the OCP APIM subscription key:

    <policies>
        <inbound>
            <base />
            <!-- "your-named-value-name" is a placeholder for the name of the Key Vault-backed named value -->
            <set-header name="Ocp-Apim-Subscription-Key" exists-action="override">
                <!-- {{name}} is resolved by APIM at runtime; the secret itself is not written into the policy -->
                <value>{{your-named-value-name}}</value>
            </set-header>
            ...

    Please let me know if you have any questions and I can help you further.

    If this answer helps you, please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

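A check that can be run over exported APIM policy XML to confirm the `Ocp-Apim-Subscription-Key` header is supplied through a `{{named-value}}` reference and not a literal key. This is an added example, not code from the answer or from Microsoft; the function names, the sample policies and the named value `backend-subscription-key` are constructed for illustration.

```python
import re

# APIM policies reference a named value as {{name}}; anything else in the
# header value is either a policy expression (@(...) / @{...}) or a literal.
NAMED_VALUE = re.compile(r"\{\{\s*[\w.-]+\s*\}\}")
SET_HEADER = re.compile(
    r'<set-header\b[^>]*\bname="([^"]+)"[^>]*>(.*?)</set-header>', re.S | re.I)
VALUE = re.compile(r"<value>(.*?)</value>", re.S | re.I)

def classify(value):
    """Return how a <value> body supplies its content."""
    v = value.strip()
    if NAMED_VALUE.fullmatch(v):
        return "named-value"
    if v.startswith("@(") or v.startswith("@{"):
        return "expression"  # not inspected further; review these by hand
    return "literal"

def audit_policy(xml, header="Ocp-Apim-Subscription-Key"):
    """List (kind, value) for every <value> set on the given header."""
    results = []
    for name, body in SET_HEADER.findall(xml):
        if name.lower() != header.lower():
            continue
        for value in VALUE.findall(body):
            results.append((classify(value), value.strip()))
    return results

def literal_secrets(xml, header="Ocp-Apim-Subscription-Key"):
    """Values readable by anyone who can view the policy document."""
    return [v for kind, v in audit_policy(xml, header) if kind == "literal"]

# Constructed sample policies (the key below is a made-up placeholder).
WEAK = """<policies><inbound><base />
  <set-header name="Ocp-Apim-Subscription-Key" exists-action="override">
    <value>00000000000000000000000000000000</value>
  </set-header></inbound></policies>"""

HARDENED = """<policies><inbound><base />
  <set-header name="Ocp-Apim-Subscription-Key" exists-action="override">
    <value>{{backend-subscription-key}}</value>
  </set-header></inbound></policies>"""

if __name__ == "__main__":
    for label, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_policy(policy), literal_secrets(policy))
```
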