Azure CLI - API Management add named values from Key Vault

n cloud 46 Reputation points
2021-04-16T16:09:12.16+00:00

Hi,

I have a secret key which is part of Azure Key Vault. In API Management I would like to add my secret key to named values, so that it can be used in API policies. This can be done manually through the portal; however, I would like to achieve the same using a script (az cli or PowerShell).

For creating a named value, az cli provides a command "az apim nv create....", but I couldn't see an option to add the value from Key Vault.

https://learn.microsoft.com/en-us/cli/azure/apim/nv?view=azure-cli-latest#az_apim_nv_create

Please suggest if there are any options to make this happen programmatically.

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.

2 answers

  1. MayankBargali-MSFT 68,066 Reputation points
    2021-04-19T05:05:28.46+00:00

    Hi @n cloud

    Welcome to Microsoft Q&A! Thanks for posting the question.

    Unfortunately, you cannot create a Named Value from Key Vault for APIM using Azure CLI.
    As of the latest CLI version for APIM, the commands don't support it. Most of the features in Azure CLI become available once the APIs are GA. If you find any functionality missing in the CLI, you can always create an Azure CLI issue/feature request.

    If you want to automate it programmatically, you can do it by calling the Azure Management REST API. I have looked into the network traces of my browser and can see the preview version of APIM that is called to create the Named Value from Key Vault for APIM. The documents are updated only once the APIs are GA. But if you still want to automate it, you can use the 2020-06-01-preview version of the API. You can take network traces, as there can be other API calls to enable the permission on Key Vault.

    Named Value - Create or Update API: https://learn.microsoft.com/en-us/rest/api/apimanagement/2019-12-01/namedvalue/createorupdate

    PUT
    https://management.azure.com/subscriptions/{subscriptionID}/resourceGroups/{resourcegroupname}/providers/Microsoft.ApiManagement/service/{APIM Instance Name}/namedValues/{YourNamed Key}?api-version=2020-06-01-preview

    Request Body:
    {"properties":{"displayName":"{YourNamed Key}","secret":true,"tags":[],"keyVault":{"identityClientId":null,"secretIdentifier":"https://{keyvalutname}.vault.azure.net/secrets/{secretname}"}}}

    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

    1 person found this answer helpful.

  2. Johan Lander 1 Reputation point
    2021-11-09T12:04:03.687+00:00

    az rest --method put --uri https://management.azure.com/subscriptions/4ca353fe-1e9f-446d-8d5f-2f9232ed8958/resourceGroups/APIM-Dev/providers/Microsoft.ApiManagement/service/apim-test/namedValues/test?api-version=2020-06-01-preview --body "{'properties': {'displayName': 'test'','secret': true,'tags': [],'keyVault': {'identityClientId': null,'secretIdentifier': 'https://XXXX-keyvault.vault.azure.net/secrets/xxxx'}}}"

    az : ERROR: Bad Request({"error":{"code":"ValidationError","message":"After parsing a value an unexpected character was encountered: '. Path 'properties.displayName', line 1, position 94.","details":null}})
    At line:1 char:1
    + az rest --method put --uri https://management.azure.com/subscriptions ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : NotSpecified: (ERROR: Bad Requ...etails":null}}):String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError
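Added example, not part of either answer: one way to send the request body from the first answer through `az rest` in PowerShell without hand-quoting JSON, which is where the `ValidationError` in the second answer comes from. The body is built as an object, serialized with `ConvertTo-Json`, and passed to `az rest` as a file; the body carries only the Key Vault reference, never the secret value. The function name, parameter names and the sample values in the final call are hypothetical, and the secret-identifier check assumes the public-cloud `vault.azure.net` suffix shown in the thread.

```powershell
# Added example; function and parameter names are hypothetical, not an Azure cmdlet.
function New-ApimKeyVaultNamedValue {
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [Parameter(Mandatory)] [string] $ResourceGroup,
        [Parameter(Mandatory)] [string] $ServiceName,
        [Parameter(Mandatory)] [string] $NamedValueId,
        [Parameter(Mandatory)] [string] $SecretIdentifier
    )

    # Accept only the secret URI shape used in the thread (optionally with a version).
    if ($SecretIdentifier -notmatch '^https://[a-z0-9-]+\.vault\.azure\.net/secrets/[^/?#]+(/[0-9a-f]+)?$') {
        throw "Not a Key Vault secret identifier: $SecretIdentifier"
    }

    # Build the body as an object so no quote is ever typed by hand.
    $body = [ordered]@{
        properties = [ordered]@{
            displayName = $NamedValueId
            secret      = $true
            tags        = @()
            keyVault    = [ordered]@{
                identityClientId = $null   # serialized as null, as in the first answer
                secretIdentifier = $SecretIdentifier
            }
        }
    }
    $json = $body | ConvertTo-Json -Depth 5 -Compress

    $uri = "https://management.azure.com/subscriptions/$SubscriptionId" +
           "/resourceGroups/$ResourceGroup/providers/Microsoft.ApiManagement" +
           "/service/$ServiceName/namedValues/${NamedValueId}?api-version=2020-06-01-preview"

    # Hand the JSON to az through a file so the shell never re-parses it.
    $bodyFile = [System.IO.Path]::GetTempFileName()
    try {
        [System.IO.File]::WriteAllText($bodyFile, $json)   # UTF-8 without BOM
        az rest --method put --uri $uri --body "@$bodyFile"
        if ($LASTEXITCODE -ne 0) { throw "az rest failed with exit code $LASTEXITCODE" }
    }
    finally {
        Remove-Item -LiteralPath $bodyFile -ErrorAction SilentlyContinue
    }
}

# Constructed placeholder values; replace with your own.
New-ApimKeyVaultNamedValue -SubscriptionId '00000000-0000-0000-0000-000000000000' `
    -ResourceGroup 'example-rg' -ServiceName 'example-apim' -NamedValueId 'example-nv' `
    -SecretIdentifier 'https://example-kv.vault.azure.net/secrets/example-secret'
```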