Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,151 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @Abhishek Sinha ,
You cannot hide or encrypt the APIM key as APIM will not be able to authenticate the request if you have encrypted the Ocp-Apim-Subscription-Key header or if you are not passing this header. The service needs the subscription key without encryption since it is the first step to authenticate the request.
One option would be to have a middle services/proxy that makes a front end call and a middle/service proxy that makes the call to APIM using the plain text subscription key. Another option would be to enable JWT bearer token enabling to secure the API.
The Azure security baseline for API Management document contains guidelines around to secure your cloud solutions on Azure and security controls defined by the Azure Security Benchmark, as well as guideliness applicable to API Management.
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.