This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 27%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
I'm running a linux container with Azure Container Apps(Preview).
The secrets are defined in the Azure portal.
How can I access these secrets from inside the container?
They don't appear as environment variables.
There is no /mnt/secrets directory.
There is a /var/run/secrets and /run/secrets, both containing the following items.
But no one of the defined keys from the portal is listed here.
/var/run/secrets/kubernetes.io/serviceaccount/..2021_11_29_11_47_27.967096074/namespace
/var/run/secrets/kubernetes.io/serviceaccount/..2021_11_29_11_47_27.967096074/token
/var/run/secrets/kubernetes.io/serviceaccount/..2021_11_29_11_47_27.967096074/ca.crt
/var/run/secrets/kubernetes.io/serviceaccount/..data/namespace
/var/run/secrets/kubernetes.io/serviceaccount/..data/ca.crt
/var/run/secrets/kubernetes.io/serviceaccount/..data/token
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
/var/run/secrets/kubernetes.io/serviceaccount/namespace
/var/run/secrets/kubernetes.io/serviceaccount/token
The key for the secrets was required to be lowercase only which might indicate that this is some other kind of configuration.
Still the description above the list of key-value pairs clearly states: "Secrets are key/value pairs than can be used to protect sensitive data like passwords and connection strings."
How can the running container access the secrets?
@Peter , can you check under /var/run/secrets/ ?
@SRIJIT-BOSE-MSFT I've now and there is some files there, though not any files related to the secrets in the portal. I've updated the question with the content of /var/run/secrets/.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 30%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
Based on the example on https://learn.microsoft.com/en-us/azure/container-apps/secure-app?tabs=arm-template#example I was able to access secrets from my Azure Container App
The key was to create an environmental variable with a referece to the secret
"template": {
"containers": [
{
"image": "myregistry/myQueueApp:v1",
"name": "myQueueApp",
"env": [
{
"name": "QueueName",
"value": "myqueue"
},
{
"name": "ConnectionString",
"secretref": "queue-connection-string"
}
]
}
],