Reading secrets from inside a container app

Peter 21 Reputation points
2021-11-29T09:57:16.397+00:00

I'm running a Linux container with Azure Container Apps (Preview).

The secrets are defined in the Azure portal.

How can I access these secrets from inside the container?
They don't appear as environment variables.
There is no /mnt/secrets directory.

There is a /var/run/secrets and a /run/secrets, both containing the following items.
But none of the defined keys from the portal is listed here.

/var/run/secrets/kubernetes.io/serviceaccount/..2021_11_29_11_47_27.967096074/namespace	  
/var/run/secrets/kubernetes.io/serviceaccount/..2021_11_29_11_47_27.967096074/token	  
/var/run/secrets/kubernetes.io/serviceaccount/..2021_11_29_11_47_27.967096074/ca.crt	  
/var/run/secrets/kubernetes.io/serviceaccount/..data/namespace	  
/var/run/secrets/kubernetes.io/serviceaccount/..data/ca.crt	  
/var/run/secrets/kubernetes.io/serviceaccount/..data/token	  
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt	  
/var/run/secrets/kubernetes.io/serviceaccount/namespace	  
/var/run/secrets/kubernetes.io/serviceaccount/token  

The key for the secrets was required to be lowercase only, which might indicate that this is some other kind of configuration.
Still, the description above the list of key-value pairs clearly states: "Secrets are key/value pairs than can be used to protect sensitive data like passwords and connection strings."

How can the running container access the secrets?


1 additional answer

  1. Nils Hedström 1 Reputation point
    2022-01-26T11:34:12.823+00:00

    Based on the example on https://learn.microsoft.com/en-us/azure/container-apps/secure-app?tabs=arm-template#example I was able to access secrets from my Azure Container App.

    The key was to create an environment variable with a reference to the secret:
    "template": {
      "containers": [
        {
          "image": "myregistry/myQueueApp:v1",
          "name": "myQueueApp",
          "env": [
            {
              "name": "QueueName",
              "value": "myqueue"
            },
            {
              "name": "ConnectionString",
              "secretref": "queue-connection-string"
            }
          ]
        }
      ],

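A pre-deployment check for the pattern in the answer above, as an added example that is not part of the original thread or Microsoft's code: it confirms that every `secretref` in a container's `env` list names a lowercase secret defined on the app, and flags sensitive-looking variables that are set as literal values instead. The `configuration.secrets` list, the `ApiKey` and `DbPassword` entries, and the `lint_secret_refs` name are assumptions constructed for this example.

```python
import json
import re

# Constructed sample: the answer's "template" fragment plus an assumed
# "configuration.secrets" list and two deliberately bad env entries.
SAMPLE = json.loads("""
{"configuration": {"secrets": [
    {"name": "queue-connection-string", "value": "<placeholder>"}]},
 "template": {"containers": [{
    "image": "myregistry/myQueueApp:v1",
    "name": "myQueueApp",
    "env": [
      {"name": "QueueName", "value": "myqueue"},
      {"name": "ConnectionString", "secretref": "queue-connection-string"},
      {"name": "ApiKey", "secretref": "Api-Key"},
      {"name": "DbPassword", "value": "hunter2"}
    ]}]}}
""")

# Env var names that suggest the value should come from a secret (heuristic).
SENSITIVE = re.compile(r"password|secret|token|key|connectionstring", re.I)

def lint_secret_refs(app):
    """Return (container, env name, problem) tuples for one app definition."""
    defined = {s["name"] for s in app.get("configuration", {}).get("secrets", [])}
    findings = []
    for c in app.get("template", {}).get("containers", []):
        for env in c.get("env", []):
            # Accept either casing of the property name.
            ref = env.get("secretref", env.get("secretRef"))
            if ref is not None:
                if ref != ref.lower():
                    findings.append((c["name"], env["name"], "secret name not lowercase"))
                if ref not in defined:
                    findings.append((c["name"], env["name"], "undefined secret"))
            elif SENSITIVE.search(env["name"]) and env.get("value"):
                findings.append((c["name"], env["name"], "literal value, no secretref"))
    return findings

if __name__ == "__main__":
    for finding in lint_secret_refs(SAMPLE):
        print(*finding, sep=": ")
```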