refactored includes

Author: gitName

articles/api-management/api-management-howto-properties.md

@@ -59,8 +59,6 @@ Using key vault secrets is recommended because it helps improve API Management s
 
 - Enable a system-assigned or user-assigned [managed identity](api-management-howto-use-managed-service-identity.md) in the API Management instance.
 
-[!INCLUDE [api-management-key-vault-access](../../includes/api-management-key-vault-access.md)]
-
 [!INCLUDE [api-management-key-vault-secret-access](../../includes/api-management-key-vault-secret-access.md)]
 
 [!INCLUDE [api-management-key-vault-network](../../includes/api-management-key-vault-network.md)]

articles/api-management/api-management-howto-use-managed-service-identity.md

@@ -125,8 +125,6 @@ The `tenantId` property identifies which Microsoft Entra tenant the identity bel
 
 The following configurations are needed for API Management to access certificates from an Azure key vault.
 
-[!INCLUDE [api-management-key-vault-access](../../includes/api-management-key-vault-access.md)]
-
 [!INCLUDE [api-management-key-vault-certificate-access](../../includes/api-management-key-vault-certificate-access.md)]
 
 [!INCLUDE [api-management-key-vault-network](../../includes/api-management-key-vault-network.md)]

articles/api-management/configure-custom-domain.md

@@ -89,8 +89,6 @@ To fetch a TLS/SSL certificate, API Management must have the list and get secret
     1. On the **Managed identities** page of your API Management instance, enable a system-assigned or user-assigned [managed identity](api-management-howto-use-managed-service-identity.md). Note the principal ID on that page.
     1.  Assign permissions to the managed identity to access the key vault. Use steps in the following section.
 
-    [!INCLUDE [api-management-key-vault-access](../../includes/api-management-key-vault-access.md)]
-
     [!INCLUDE [api-management-key-vault-certificate-access](../../includes/api-management-key-vault-certificate-access.md)]
 
 If the certificate is set to `autorenew` and your API Management tier has an SLA (that is, in all tiers except the Developer tier), API Management will pick up the latest version automatically, without downtime to the service.

includes/api-management-key-vault-access.md

@@ -11,11 +11,14 @@ ms.author: danlep
 1. In the left menu, select **Access configuration**, and note the **Permission model** that is configured.
 1. Depending on the permission model, configure either a [key vault access policy](/azure/key-vault/general/assign-access-policy) or [Azure RBAC access](/azure/key-vault/general/rbac-guide) for an API Management managed identity.
 
-    **To add a key vault access policy:<br/>**
+**To add a key vault access policy:<br/>**
+
+1. In the left menu, select **Access policies**.
+1. On the **Access policies** page,select **+ Create**.
+1. On the **Permissions** tab, under **Secret permissions**, select **Get** and **List**, then select **Next**.
+1. On the **Principal** tab,  **Select principal**, search for  the resource name of your managed identity, and then select **Next**.
+     If you're using a system-assigned identity, the principal is the name of your API Management instance.
+1. Select **Next** again. On the **Review + create** tab, select **Create**.
+
 
-    1. In the left menu, select **Access policies**.
-    1. On the **Access policies** page,select **+ Create**.
-    1. On the **Permissions** tab, under **Secret permissions**, select **Get** and **List**, then select **Next**.
-    1. On the **Principal** tab,  **Select principal**, search for  the resource name of your managed identity, and then select **Next**.
-         If you're using a system-assigned identity, the principal is the name of your API Management instance.
-    1. Select **Next** again. On the **Review + create** tab, select **Create**.
+

includes/api-management-key-vault-certificate-access.md

@@ -5,11 +5,13 @@ ms.topic: include
 ms.date: 02/21/2025
 ms.author: danlep
 ---   
-**To configure Azure RBAC access:<br/>**
-
-1. In the left menu, select **Access control (IAM)**.
-1. On the **Access control (IAM)** page, select **Add role assignment**.
-1. On the **Role** tab, select **Key Vault Certificate User**.
-1. On the **Members** tab, select **Managed identity** > **+ Select members**.
-1. On the **Select managed identity** page, select the system-assigned managed identity or a user-assigned managed identity associated with your API Management instance, and then select **Select**.
-1. Select **Review + assign**.
+[!INCLUDE [api-management-key-vault-access](api-management-key-vault-access.md)]
+    
+    **To configure Azure RBAC access:<br/>**
+        
+    1. In the left menu, select **Access control (IAM)**.
+    1. On the **Access control (IAM)** page, select **Add role assignment**.
+    1. On the **Role** tab, select **Key Vault Certificate User**.
+    1. On the **Members** tab, select **Managed identity** > **+ Select members**.
+    1. On the **Select managed identity** page, select the system-assigned managed identity or a user-assigned managed identity associated with your API Management instance, and then select **Select**.
+    1. Select **Review + assign**.

includes/api-management-key-vault-secret-access.md

@@ -5,11 +5,13 @@ ms.topic: include
 ms.date: 02/21/2025
 ms.author: danlep
 ---   
+[!INCLUDE [api-management-key-vault-access](api-management-key-vault-access.md)]
+    
 **To configure Azure RBAC access:<br/>**
 
 1. In the left menu, select **Access control (IAM)**.
 1. On the **Access control (IAM)** page, select **Add role assignment**.
 1. On the **Role** tab, select **Key Vault Secrets User**.
 1. On the **Members** tab, select **Managed identity** > **+ Select members**.
 1. On the **Select managed identity** page, select the system-assigned managed identity or a user-assigned managed identity associated with your API Management instance, and then select **Select**.
-1. Select **Review + assign**.
+1. Select **Review + assign**.