0 Votes
nhscloud-4889 asked JohanLander-Ascenda edited

Azure CLI - API Management add named values from Key Vault

Hi,

I have a secret key which is part of Azure Key Vault. In API Management I would like to add my secret key in named values, so that it can be used in API policies. This can be done manually in the portal; however, I would like to achieve the same using a script (az cli or PowerShell).

For creating a named value, az cli provides a command "az apim nv create....", but I couldn't see an option to add the value from Key Vault.

https://docs.microsoft.com/en-us/cli/azure/apim/nv?view=azure-cli-latest#az_apim_nv_create

Please suggest if there are any options to make this happen programmatically.

azure-api-management
1 Vote
MayankBargali-MSFT answered

Hi @nhscloud-4889

Welcome to Microsoft Q&A! Thanks for posting the question.

Unfortunately, you cannot create a Named Value from Key Vault for the APIM using Azure CLI.
As per the latest CLI version for APIM, the commands don't support it. Most of the features in Azure CLI are available once the APIs are GA. If you find any functionality missing in the CLI, you can always create an Azure CLI issue/feature request.

If you want to automate it programmatically, you can do it by calling the Azure Management REST API. I have looked into network traces of my browser and can see the preview version of APIM that is called to create the Named Value from Key Vault for the APIM. The documents are updated only once the APIs are GA. But if you still want to automate it, you can use the 2020-06-01-preview version API. You can take network traces, as there can be other API calls to enable the permission on Key Vault.

Named Value - Create or Update API: https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-12-01/namedvalue/createorupdate

PUT
https://management.azure.com/subscriptions/{subscriptionID}/resourceGroups/{resourcegroupname}/providers/Microsoft.ApiManagement/service/{APIM Instance Name}/namedValues/{YourNamed Key}?api-version=2020-06-01-preview

Request Body:
{"properties":{"displayName":"{YourNamed Key}","secret":true,"tags":[],"keyVault":{"identityClientId":null,"secretIdentifier":"https://{keyvalutname}.vault.azure.net/secrets/{secretname}"}}}

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

0 Votes
JohanLander-Ascenda answered JohanLander-Ascenda edited

az rest --method put --uri https://management.azure.com/subscriptions/4ca353fe-1e9f-446d-8d5f-2f9232ed8958/resourceGroups/APIM-Dev/providers/Microsoft.ApiManagement/service/apim-test/namedValues/test?api-version=2020-06-01-preview --body "{'properties': {'displayName': 'test'','secret': true,'tags': [],'keyVault': {'identityClientId': null,'secretIdentifier': 'https://XXXX-keyvault.vault.azure.net/secrets/xxxx'}}}"

az : ERROR: Bad Request({"error":{"code":"ValidationError","message":"After parsing a value an unexpected character was encountered: '. Path 'properties.displayName', line 1, position 94.","details":null}})
At line:1 char:1
+ az rest --method put --uri https://management.azure.com/subscriptions ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (ERROR: Bad Requ...etails":null}}):String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
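
Added example (not part of any post in this thread, and not Microsoft's code): the Named Value Create or Update request from the REST answer above, with the body produced by a JSON serializer and handed to az rest as a file, which avoids hand-quoting JSON on the command line. The function names, the conservative name rule and the public-cloud `vault.azure.net` host check are assumptions of this example; it expects `az` on PATH with an active login.

```python
import json
import os
import re
import shutil
import subprocess
import tempfile
from urllib.parse import urlparse

API_VERSION = "2020-06-01-preview"  # version named in the answer above
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,256}")  # conservative rule for this example
VAULT_HOST = re.compile(r"[a-z0-9-]{3,24}\.vault\.azure\.net")  # public cloud only

def check_secret_identifier(url):
    """Accept only https://<vault>.vault.azure.net/secrets/<name>[/<version>]."""
    parts = urlparse(url)
    segments = parts.path.strip("/").split("/")
    if not (parts.scheme == "https" and VAULT_HOST.fullmatch(parts.netloc)
            and len(segments) in (2, 3) and segments[0] == "secrets"
            and all(SAFE_NAME.fullmatch(s) for s in segments)
            and not parts.query and not parts.fragment):
        raise ValueError(f"not a Key Vault secret identifier: {url!r}")
    return url

def build_request(subscription, group, service, name, secret_identifier, client_id=None):
    """Return (uri, json_body) for the Named Value Create or Update call."""
    for value in (subscription, group, service, name):
        if not SAFE_NAME.fullmatch(value):
            raise ValueError(f"unexpected characters in {value!r}")
    uri = (f"https://management.azure.com/subscriptions/{subscription}"
           f"/resourceGroups/{group}/providers/Microsoft.ApiManagement"
           f"/service/{service}/namedValues/{name}?api-version={API_VERSION}")
    key_vault = {"identityClientId": client_id,  # None is serialised as null
                 "secretIdentifier": check_secret_identifier(secret_identifier)}
    body = {"properties": {"displayName": name, "secret": True, "tags": [],
                           "keyVault": key_vault}}
    return uri, json.dumps(body)

def put_named_value(uri, body):
    """Send the PUT with az rest; the body goes in a file so no shell re-quotes it."""
    az = shutil.which("az")  # also resolves az.cmd on Windows
    if az is None:
        raise FileNotFoundError("Azure CLI (az) not found on PATH")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "body.json")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(body)
        cmd = [az, "rest", "--method", "put", "--uri", uri, "--body", f"@{path}"]
        return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
```

The request body carries only the reference to the secret, never its value; the APIM identity still needs permission to read that secret in Key Vault, as the answer notes.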
