How to securely access Azure Keyvault from Docker Compose

Umer Rashid 90 Reputation points
2024-02-01T09:55:15.85+00:00

My understanding is that managed identities are not supported with multi-container web apps. In that case, I am wondering what is the recommended secure way to access Azure keyvault from a Docker compose web application. One option is to create a service principal, grant it access to the keyvault and store the service principal's credentials in the environment file. Is that the recommended approach to access keyvault from docker compose webapp? Please let me know if there are other options available.


Accepted answer
  1. Sam Cogan 10,802 Reputation points MVP
    2024-02-01T11:30:40.69+00:00

    The most secure option is to use managed identity; as you say, you cannot do this with a multi-container app service. However, this can be achieved using Azure Container Apps, so one option would be to move to using that. If you want to stick with App Service, then using a service principal would be the next best option, but you will need to ensure you keep good security around the credentials and rotate them regularly.
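
As an added example (not part of the original thread or any Microsoft tooling), one way to check that service principal credentials kept in a compose environment file are handled carefully: the script below flags an env file readable by group or other, an env file missing from `.gitignore`, and a compose file that hard-codes the secret instead of interpolating it. The file names `.env`, `docker-compose.yml` and `.gitignore`, the helper names `audit` and `build_sample`, and POSIX file permissions are assumptions; the sample project is constructed with placeholder values.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# AZURE_CLIENT_SECRET is the variable azure-identity's EnvironmentCredential reads.
# Matches list form ("- NAME=value") and map form ("NAME: value") in a compose file.
INLINE = re.compile(r"""^\s*-?\s*["']?AZURE_CLIENT_SECRET\s*[:=]\s*(\S.*)$""")


def audit(project_dir, env_name=".env", compose_name="docker-compose.yml"):
    """Return findings about how a compose project stores the client secret."""
    root, findings = Path(project_dir), []
    env_file, ignore, compose = root / env_name, root / ".gitignore", root / compose_name
    if env_file.exists():
        mode = stat.S_IMODE(env_file.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{env_name} is accessible to group/other (mode {mode:o})")
        patterns = ignore.read_text().split() if ignore.exists() else []
        if env_name not in patterns:
            findings.append(f"{env_name} is not listed in .gitignore")
    if compose.exists():
        for n, line in enumerate(compose.read_text().splitlines(), 1):
            m = INLINE.match(line)
            # ${VAR} / $VAR interpolation is fine; anything else is a literal secret.
            if m and not m.group(1).strip("\"' ").startswith("$"):
                findings.append(f"{compose_name}:{n} hard-codes AZURE_CLIENT_SECRET")
    return findings


def build_sample(root, env_mode, secret_line, ignore_env):
    """Write a constructed project (placeholder values only) for the demo."""
    root = Path(root)
    (root / ".env").write_text("AZURE_TENANT_ID=<tenant-id>\nAZURE_CLIENT_ID=<client-id>\n"
                               "AZURE_CLIENT_SECRET=<client-secret>\n")
    os.chmod(root / ".env", env_mode)
    (root / ".gitignore").write_text(".env\n" if ignore_env else "")
    (root / "docker-compose.yml").write_text(
        "services:\n  web:\n    image: example/web\n    environment:\n"
        f"      - {secret_line}\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as weak, tempfile.TemporaryDirectory() as ok:
        build_sample(weak, 0o644, "AZURE_CLIENT_SECRET=<client-secret>", False)
        build_sample(ok, 0o600, "AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}", True)
        print(audit(weak), audit(ok), sep="\n")
```
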

