Safely setting ACR container registry credentials for webApp
See original GitHub issueI have the following configuration for a webApp:
let deployment =
let plan = servicePlan {
name "buildAgents"
sku WebApp.Sku.S3
}
let webApps : IBuilder list = [
for i in 1 .. agentCount do
webApp {
name ("xx-yy-buildAgent-" + string i)
link_to_service_plan plan
app_insights_off
docker_image $"buildagent:{buildAgentImageTag}" "start.sh"
docker_use_azure_registry "someacr"
}
]
let deployment = arm {
location Location.WestEurope
add_resources webApps
}
deployment
An attempt to deploy this leads to the following error:
The following parameters are missing: docker-password-for-someacr. Please add them
Looking at our terraform-generated webapps, I see that we set a setting called DOCKER_REGISTRY_SERVER_PASSWORD
with a secret from a keyVault.
I understand I can add a setting with setting "DOCKER_REGISTRY_SERVER_PASSWORD" "x"
, but I don’t understand how I can safely use the secret from the keyvault to set this setting.
I did not manage to find a solution searching the documentation for “secret” and looking at the existing examples.
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (3 by maintainers)
Top Results From Across the Web
Authenticate with an Azure container registry
For this scenario, run az acr login first with the --expose-token parameter. This option exposes an access token instead of logging in through ......
Read more >Support for securely setting ACR credentials for WebApps ...
In case of private docker hub and private registry, we will have to set the user creds in the “Container Setting”. For ACR,...
Read more >Automate Security for Azure Container Registry - PR Code
In this post I describe some of these where you can set up the ACR credentials in the App Settings, so the Azure...
Read more >passing azure container registry credential while creating ...
I am creating azure webapp (multi container app) using CLI. My docker images are in azure container registry(ACR). how do i pass my...
Read more >How to use Azure Container Registry for a Multi- ...
To create a Multi-Container web app, you first need a Docker Compose or ... Because we will be using Azure Container Registry (ACR), ......
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@l3m just yesterday did the same and I had to do 2 separate deployments. First - ACR deployment with creds as output Second - WebApp deployment with creds as input
https://github.com/Szer/grinder/blob/01f262150ee0917c088ed0180855f5dac7b3fe20/src/Grinder.Farmer/Program.fs#L148-L166
I couldn’t make it work inside one deployment even with
depends_on
and ARM expressions@l3m the password to access “someacr” is expected to be provided as a parameter to the ARM template to provision it. My understanding for using docker with app service is that this is required so when you do the deploy you need to provide it e.g.
Of course, `“<password>” is a string that can be retrieved and supplied to the template in any way that you like.
(I’m not aware of any implicit support because docker on app service and key vault.)
@dburriss do you have any thoughts on this one? I seem to recall you worked on this. @forki I think you’re using this as well - are you using it with key vault or some other way?