Adding Authorization headers for egress requests

Hey everyone.

I’m currently working on a project to start to modernize our existing platform at my place of work. The current situation requires us to have services running inside of the mesh be able to call ‘legacy’ services running on VMs using existing API keys.

I’d like to avoid pushing those api keys into the applications themselves if possible or even in an egress gateway. Is this something that’s possible in Istio today or are we stuck with something a little heavier like building a service in the mesh that bridges the gap for us?