Create an API Management service with SSL from KeyVault

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Bicep Version

Deploy To Azure


The Template deploys API Management service Standard Tier with integration with Managed Identities. Please refer to documentation at

The template shows how to create an API Management with SSL retrieved from Key Vault using a single click deployment using User Assigned identities.

With System Assigned identity, associating an API Management with SSL was a two step process. With User Assigned identities, this is single step.

It deploys the following components

  • User Assigned Managed Identity
  • Key Vault which is granted access to the Managed Identity
  • API Management service which is assigned access to the Key Vault using User Assigned Identity.
  • The API Management protocols and ciphers are configured to enhance security

If you're new to Azure API Management, see:

If you're new to Azure Key Vault, see:

If you're new to the template development, see:

Tags: API, API Management, Azure API Management, Azure Key Vault, Key Vault, Secret, Certificate, Managed Identity, Microsoft.ManagedIdentity/userAssignedIdentities, Microsoft.KeyVault/vaults, Microsoft.KeyVault/vaults/secrets, Microsoft.Authorization/roleAssignments, Microsoft.ApiManagement/service, UserAssigned, Proxy