I've created a secret for my Azure Container App by adding the secret from the portal.
But how do I reference it inside my code, such as for a database connection string?
The section on using secrets says only:
Application secrets are referenced via the
secretref
property. Secret values are mapped to application-level secrets where thesecretref
value matches the secret name declared at the application level.
I should mention my container app is not a .NET app -- it's a Node.js service. Where is this secretref
property to be found? I've checked environment variables in the running container and don't see the secret there.
CodePudding user response:
Secrets are made available as environment variables.
Let's say you have entered a secret named db_password
in the Azure console and have deployed your container. Then your
az containerapp update --name myapp --resource-group myresgroup --set-env-vars "DB_PASSWORD=secretref:db_password"
In node.js, you can now access the value like this:
let db_password = process.env.DB_PASSWORD;
The az containerapp
command is only needed once. It will still be in effect after the next container deployment.
CodePudding user response:
Naturally, I posted this and figured it out. The secrets are exposed by environment variables. I missed the syntax in the azure CLI example that did reference secretref
, and Codo clarified how to do this via the CLI below -- but if you happen to be configuring secrets through the portal:
- In the left nav, click Secrets and create the secret in the portal.
- In the left nav, click "Containers" under the Revisions section.
- Pick the container where you want the secret published.
- At the top, click "Edit and Deploy"
- In the "Container Image" section select your image.
- In "Edit a container" skip down to Environment Variables and click "Add"
- Enter a name for the env var.
- Under "source", click "Reference a secret" then pick your secret.
Create the revision and you should be good to go. The application code can reference the environment variable to access the secret.