Question 105960 in Azure Question posted in
The official documentation to get you started can be found here.

How to reference secrets in Azure Container Apps?

I’ve created a secret for my Azure Container App by adding the secret from the portal.

But how do I reference it inside my code, such as for a database connection string?

The section on using secrets says only:

Application secrets are referenced via the secretref property. Secret values are mapped to application-level secrets where the secretref value matches the secret name declared at the application level.

I should mention my container app is not a .NET app — it’s a Node.js service. Where is this secretref property to be found? I’ve checked environment variables in the running container and don’t see the secret there.

Tags:

3

Answers


  1. Chosen as BEST ANSWER
    0

    Naturally, I posted this and figured it out. The secrets are exposed by environment variables. I missed the syntax in the azure CLI example that did reference secretref, and Codo clarified how to do this via the CLI below -- but if you happen to be configuring secrets through the portal:

    1. In the left nav, click Secrets and create the secret in the portal.
    2. In the left nav, click "Containers" under the Revisions section.
    3. Pick the container where you want the secret published.
    4. At the top, click "Edit and Deploy"
    5. In the "Container Image" section select your image.
    6. In "Edit a container" skip down to Environment Variables and click "Add"
    7. Enter a name for the env var.
    8. Under "source", click "Reference a secret" then pick your secret.

    Create the revision and you should be good to go. The application code can reference the environment variable to access the secret.


  2. 0

    Secrets are made available as environment variables.

    Let’s say you have entered a secret named db_password in the Azure console and have deployed your container. Then your

    az containerapp update --name myapp --resource-group myresgroup --set-env-vars "DB_PASSWORD=secretref:db_password"

    In node.js, you can now access the value like this:

    let db_password = process.env.DB_PASSWORD;

    The az containerapp command is only needed once. It will still be in effect after the next container deployment.

    Login or Signup to reply.
  3. 0

    Using environment variable CosmosAccountName=secretref:cosmos-account from CLI display ‘container app’ name for CosmosAccountName in Azure Portal.

    I am creating container app and secrets using Pulumi(IaC) and deploying image with environment variables (contains secrets) using CLI. (Don’t want to configure it on Azure Portal)

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search