How to reference secrets in Azure Container Apps?

GlennScott
June 21, 2022
162 views
2 votes
3 Answers

I’ve created a secret for my Azure Container App by adding the secret from the portal.

But how do I reference it inside my code, such as for a database connection string?

The section on using secrets says only:

Application secrets are referenced via the secretref property. Secret values are mapped to application-level secrets where the secretref value matches the secret name declared at the application level.

I should mention my container app is not a .NET app — it’s a Node.js service. Where is this secretref property to be found? I’ve checked environment variables in the running container and don’t see the secret there.

Tags: azure azure-container-apps

Answers

Chosen as BEST ANSWER
- GlennScott
- June 21, 2022 at 8:35 pm
- 0 votes
0
Naturally, I posted this and figured it out. The secrets are exposed by environment variables. I missed the syntax in the azure CLI example that did reference secretref, and Codo clarified how to do this via the CLI below -- but if you happen to be configuring secrets through the portal:
1. In the left nav, click Secrets and create the secret in the portal.
2. In the left nav, click "Containers" under the Revisions section.
3. Pick the container where you want the secret published.
4. At the top, click "Edit and Deploy"
5. In the "Container Image" section select your image.
6. In "Edit a container" skip down to Environment Variables and click "Add"
7. Enter a name for the env var.
8. Under "source", click "Reference a secret" then pick your secret.
Create the revision and you should be good to go. The application code can reference the environment variable to access the secret.

(Edit)

- Codo
- June 21, 2022 at 8:31 pm
- 0 votes
0
Secrets are made available as environment variables.

Let’s say you have entered a secret named db_password in the Azure console and have deployed your container. Then your
```
az containerapp update --name myapp --resource-group myresgroup --set-env-vars "DB_PASSWORD=secretref:db_password"
```
In node.js, you can now access the value like this:
```
let db_password = process.env.DB_PASSWORD;
```
The az containerapp command is only needed once. It will still be in effect after the next container deployment.
Login or Signup to reply.

- RanjeetPandey
- August 8, 2022 at 5:36 pm
- 0 votes
0
Using environment variable CosmosAccountName=secretref:cosmos-account from CLI display ‘container app’ name for CosmosAccountName in Azure Portal.

I am creating container app and secrets using Pulumi(IaC) and deploying image with environment variables (contains secrets) using CLI. (Don’t want to configure it on Azure Portal)

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.