Merge pull request #100541 from vladvino/jedi

PRMerger12 · web-flow · commit 3da3d53ec9ac · 2020-01-09T11:24:01.000-08:00
Added notes on using AKV for certs and NVs
diff --git a/articles/api-management/api-management-howto-mutual-certificates.md b/articles/api-management/api-management-howto-mutual-certificates.md
@@ -12,7 +12,7 @@ ms.service: api-management
 ms.workload: mobile
 ms.tgt_pltfrm: na
 ms.topic: article
-ms.date: 06/20/2018
+ms.date: 01/08/2020
 ms.author: apimpm
 ---
 
@@ -26,19 +26,22 @@ For information about managing certificates using the API Management REST API, s
 
 [!INCLUDE [updated-for-az](../../includes/updated-for-az.md)]
 
-This guide shows you how to configure your API Management service instance to use client certificate authentication to access the back-end service for an API. Before following the steps in this article, you should have your back-end service configured for client certificate authentication ([to configure certificate authentication in Azure WebSites refer to this article][to configure certificate authentication in Azure WebSites refer to this article]). You need access to the certificate and the password for uploading it to the API Management service.
+This guide shows you how to configure your API Management service instance to use client certificate authentication to access the back-end service for an API. Before following the steps in this article, you should have your back-end service configured for client certificate authentication ([to configure certificate authentication in the Azure App Service refer to this article][to configure certificate authentication in Azure WebSites refer to this article]). You need access to the certificate and the password for uploading it to the API Management service.
 
 ## <a name="step1"> </a>Upload a Certificate
 
+> [!NOTE]
+> Instead of an uploaded certificate you can use a certificate stored in the [Azure Key Vault](https://azure.microsoft.com/services/key-vault/) service as shown in this [example](https://github.com/galiniliev/api-management-policy-snippets/blob/galin/AkvCert/examples/Look%20up%20Key%20Vault%20certificate%20using%20Managed%20Service%20Identity%20and%20call%20backend.policy.xml).
+
 ![Add client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-new.png)
 
 Follow the steps below to upload a new client certificate. If you have not created an API Management service instance yet, see the tutorial [Create an API Management service instance][Create an API Management service instance].
 
 1. Navigate to your Azure API Management service instance in the Azure portal.
 2. Select **Certificates** from the menu.
-3. Click the **+ Add** button.  
-    ![Add client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-add.png)  
-4. Browse for the certificate, provide its ID and password.  
+3. Click the **+ Add** button.
+    ![Add client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-add.png)
+4. Browse for the certificate, provide its ID and password.
 5. Click **Create**.
 
 > [!NOTE]
@@ -61,14 +64,14 @@ If the certificate is in use by an API, then a warning screen is displayed. To d
 
 ## <a name="step2"> </a>Configure an API to use a client certificate for gateway authentication
 
-1. Click **APIs** from the **API Management** menu on the left and navigate to the API.  
+1. Click **APIs** from the **API Management** menu on the left and navigate to the API.
     ![Enable client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-enable.png)
 
-2. In the **Design** tab, click on a pencil icon of the **Backend** section. 
-3. Change the **Gateway credentials** to **Client cert** and select your certificate from the dropdown.  
+2. In the **Design** tab, click on a pencil icon of the **Backend** section.
+3. Change the **Gateway credentials** to **Client cert** and select your certificate from the dropdown.
     ![Enable client certificates](media/api-management-howto-mutual-certificates/apim-client-cert-enable-select.png)
 
-4. Click **Save**. 
+4. Click **Save**.
 
 > [!WARNING]
 > This change is effective immediately, and calls to operations of that API will use the certificate to authenticate on the back-end server.
diff --git a/articles/api-management/api-management-howto-properties.md b/articles/api-management/api-management-howto-properties.md
@@ -11,21 +11,21 @@ ms.service: api-management
 ms.workload: mobile
 ms.tgt_pltfrm: na
 ms.topic: article
-ms.date: 11/05/2019
+ms.date: 01/08/2020
 ms.author: apimpm
 ---
 
 # How to use named values in Azure API Management policies
 
 API Management policies are a powerful capability of the system that allow the Azure portal to change the behavior of the API through configuration. Policies are a collection of statements that are executed sequentially on the request or response of an API. Policy statements can be constructed using literal text values, policy expressions, and named values.
 
-Each API Management service instance has a properties collection of key/value pairs, which is called named values, that are global to the service instance. There is no imposed limit on the number of items in the collection. Named values can be used to manage constant string values across all API configuration and policies. Each named value may have the following attributes:
+Each API Management service instance has a collection of key/value pairs, which is called named values, that are global to the service instance. There is no imposed limit on the number of items in the collection. Named values can be used to manage constant string values across all API configuration and policies. Each named value may have the following attributes:
 
-| Attribute      | Type            | Description                                                                                                                         |
-| -------------- | --------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
+| Attribute      | Type            | Description                                                                                                                            |
+| -------------- | --------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
 | `Display name` | string          | Used for referencing the named value in policies. A string of one to 256 characters. Only letters, numbers, dot, and dash are allowed. |
-| `Value`        | string          | Actual value. Must not be empty or consist only of whitespace. Maximum of 4096 characters long.                                     |
-| `Secret`       | boolean         | Determines whether the value is a secret and should be encrypted or not.                                                            |
+| `Value`        | string          | Actual value. Must not be empty or consist only of whitespace. Maximum of 4096 characters long.                                        |
+| `Secret`       | boolean         | Determines whether the value is a secret and should be encrypted or not.                                                               |
 | `Tags`         | array of string | Used to filter the named value list. Up to 32 tags.                                                                                    |
 
 ![Named values](./media/api-management-howto-properties/named-values.png)
@@ -38,6 +38,9 @@ Named values can contain literal strings and [policy expressions](/azure/api-man
 | Credential | ••••••••••••••••••••••     | True   | security      |
 | Expression | @(DateTime.Now.ToString()) | False  |               |
 
+> [!NOTE]
+> Instead of named values stored within an API Management service, you can use values stored in the [Azure Key Vault](https://azure.microsoft.com/services/key-vault/) service as demonstrated by this [example](https://github.com/Azure/api-management-policy-snippets/blob/master/examples/Look%20up%20Key%20Vault%20secret%20using%20Managed%20Service%20Identity.policy.xml).
+
 ## To add and edit a named value
 
 ![Add a named value](./media/api-management-howto-properties/add-property.png)
@@ -46,7 +49,7 @@ Named values can contain literal strings and [policy expressions](/azure/api-man
 2. Select **Named values**.
 3. Press **+Add**.
 
-    Name and Value are required values. If value is a secret, check the *This is a secret* checkbox. Enter one or more optional tags to help with organizing your named values, and click Save.
+    Name and Value are required values. If value is a secret, check the _This is a secret_ checkbox. Enter one or more optional tags to help with organizing your named values, and click Save.
 
 4. Click **Create**.
 
