hi folks, trying to limit exposure of the apikey on a managed ST to a minimum