Managing secrets and common values

Once you have provisioned an Azure API Management instance, you can use a collection of key/value pairs which are called Named Values as constant strings across your all your API configurations and policies. Within the Azure Portal, you can in your API Management Instance manage these Named Values – by adding or editing the key/values.

A Named Value can contain literal strings or policy expressions, for instance: @(DateTime.Now.ToString()). Note that by selecting a Named Value, you can edit or even delete it.

In the policy, you can use the Named Value in one of the statements.

The Named Value can also be a secret (credential). For instance, when you import a Logic App, the shared access signature of the HTTP endpoint will be stored as a Named Value. When sending a request to the Logic App via API Management (gateway), the signature will be taken from Named Value collection to build up the endpoint URL.

An alternative when it comes to secrets and that is leveraging the Azure KeyVault service. Through allowing your Azure API Management instance (Managed Identity) to retrieve secrets from KeyVault, you can subsequently place your secrets there and set a reference to the value in the policy statement. This process will be explained in another Azure API Management tip.