Azure API Management custom domain managed certificate


I’m attempting to add a custom domain for the gateway of an API Management instance. This requires amongst other things: a hostname, type and a certificate.

In the Azure portal the certificate can be one of Key Vault, Custom or Managed (Preview). In an attempt to both save on costs and responsibility I’d like to opt for a Managed certificate however can’t see any options or resources that offer support for this.

So far I’ve combed through the following resources to see if i can find any bit of information on how this may be possible:

  • azurerm_api_management
  • azurerm_api_management_custom_hostname
  • azurerm_key_vault
  • azurerm_key_vault_certificate
  • azurerm_app_service_managed_certificate.

Something I did try during my research into the issue was to create a custom domain with the correct details with a Managed certificate via the Azure portal and to then run terraform plan in my IDE and see what was different in the configuration.

I found:
- identity { - identity_ids = [] -> null - principal_id = "**redacted**" -> null - tenant_id = "**redacted**" -> null - type = "SystemAssigned" -> null }

Nothing about the actual certificate or hostname itself that was different so my assumption is that the hostname configuration itself would be stored in another resource, possibly azurerm_api_management_custom_hostname.

Any help or pushes in the right direction would be much appreciated, thanks