Skip to content

Use encrypted named values#

Security · API Management · Azure.APIM.EncryptValues

API Management named values should be encrypted.

Description#

API Management allows configuration properties to be saved as named values. Named values are a key/ value pairs, which may contain sensitive information.

When named values are marked as secret they are masked by default in the portal.

Recommendation#

Consider encrypting all API Management named values.

Additionally consider, using Key Vault to store secrets. Key Vault improves security by tightly controlling access to secrets and improving management controls.


Last update: 2021-09-24