question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Safely setting ACR container registry credentials for webApp

See original GitHub issue

I have the following configuration for a webApp:

let deployment =
    let plan = servicePlan {
        name "buildAgents"
        sku WebApp.Sku.S3
    }

    let webApps : IBuilder list = [
        for i in 1 .. agentCount do
            webApp {
                name ("xx-yy-buildAgent-" + string i)
                link_to_service_plan plan
                app_insights_off
                docker_image $"buildagent:{buildAgentImageTag}" "start.sh"
                docker_use_azure_registry "someacr"
            }
    ]
    
    let deployment = arm {
        location Location.WestEurope
        add_resources webApps
    }
    
    deployment

An attempt to deploy this leads to the following error:

The following parameters are missing: docker-password-for-someacr. Please add them

Looking at our terraform-generated webapps, I see that we set a setting called DOCKER_REGISTRY_SERVER_PASSWORD with a secret from a keyVault.

I understand I can add a setting with setting "DOCKER_REGISTRY_SERVER_PASSWORD" "x", but I don’t understand how I can safely use the secret from the keyvault to set this setting.

I did not manage to find a solution searching the documentation for “secret” and looking at the existing examples.

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
Szercommented, Dec 16, 2020

@l3m just yesterday did the same and I had to do 2 separate deployments. First - ACR deployment with creds as output Second - WebApp deployment with creds as input

https://github.com/Szer/grinder/blob/01f262150ee0917c088ed0180855f5dac7b3fe20/src/Grinder.Farmer/Program.fs#L148-L166

I couldn’t make it work inside one deployment even with depends_on and ARM expressions

1reaction
isaacabrahamcommented, Dec 16, 2020

@l3m the password to access “someacr” is expected to be provided as a parameter to the ARM template to provision it. My understanding for using docker with app service is that this is required so when you do the deploy you need to provide it e.g.

deployment
|> Deploy.execute "my-resource-group" [ "docker-password-for-someacr", "<password>" ]

Of course, `“<password>” is a string that can be retrieved and supplied to the template in any way that you like.

(I’m not aware of any implicit support because docker on app service and key vault.)

@dburriss do you have any thoughts on this one? I seem to recall you worked on this. @forki I think you’re using this as well - are you using it with key vault or some other way?

Read more comments on GitHub >

github_iconTop Results From Across the Web

Authenticate with an Azure container registry
For this scenario, run az acr login first with the --expose-token parameter. This option exposes an access token instead of logging in through ......
Read more >
Support for securely setting ACR credentials for WebApps ...
In case of private docker hub and private registry, we will have to set the user creds in the “Container Setting”. For ACR,...
Read more >
Automate Security for Azure Container Registry - PR Code
In this post I describe some of these where you can set up the ACR credentials in the App Settings, so the Azure...
Read more >
passing azure container registry credential while creating ...
I am creating azure webapp (multi container app) using CLI. My docker images are in azure container registry(ACR). how do i pass my...
Read more >
How to use Azure Container Registry for a Multi- ...
To create a Multi-Container web app, you first need a Docker Compose or ... Because we will be using Azure Container Registry (ACR), ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found