Home > Mobile >  How to reference secrets in Azure Container Apps?
How to reference secrets in Azure Container Apps?

Time:06-22

I've created a secret for my Azure Container App by adding the secret from the portal.

But how do I reference it inside my code, such as for a database connection string?

The section on using secrets says only:

Application secrets are referenced via the secretref property. Secret values are mapped to application-level secrets where the secretref value matches the secret name declared at the application level.

I should mention my container app is not a .NET app -- it's a Node.js service. Where is this secretref property to be found? I've checked environment variables in the running container and don't see the secret there.

CodePudding user response:

Secrets are made available as environment variables.

Let's say you have entered a secret named db_password in the Azure console and have deployed your container. Then your

az containerapp update --name myapp --resource-group myresgroup --set-env-vars "DB_PASSWORD=secretref:db_password"

In node.js, you can now access the value like this:

let db_password = process.env.DB_PASSWORD;

The az containerapp command is only needed once. It will still be in effect after the next container deployment.

CodePudding user response:

Naturally, I posted this and figured it out. The secrets are exposed by environment variables. I missed the syntax in the azure CLI example that did reference secretref, and Codo clarified how to do this via the CLI below -- but if you happen to be configuring secrets through the portal:

  1. In the left nav, click Secrets and create the secret in the portal.
  2. In the left nav, click "Containers" under the Revisions section.
  3. Pick the container where you want the secret published.
  4. At the top, click "Edit and Deploy"
  5. In the "Container Image" section select your image.
  6. In "Edit a container" skip down to Environment Variables and click "Add"
  7. Enter a name for the env var.
  8. Under "source", click "Reference a secret" then pick your secret.

Create the revision and you should be good to go. The application code can reference the environment variable to access the secret.

  • Related