Hey team,
Looking for a way to securely connect from a D365 plugin to an API external to D365 (e.g. an APIM endpoint in the same tenant; or a truly external third party's service) using certificate-based authentication.
In our case, we need it to be synchronous, so we've chosen a plugin over power automate.
We're able to connect using a certificate with HttpClient, however we have to pass in the very sensitive certificate details (including private key + password) via the plugin registration step's "Secure config" field. While workable in the short term, it is less than ideal as it exposes sensitive data to more people than strictly necessary.
At time of writing, the "Secure environment variable" feature is still in preview and isn't supported from plugins (yet). Once GA, this will let us grab the details from Azure KeyVault using a connection reference setup once in each environemnt, which would be awesome.
Hoping someone's come across a better way to inject sensitive info into plugins in the interim?
Dynamics 365 Customer Engagement.