Azure Container Apps secrets by Terraform, was not always possible. Previously, Terraform didn’t support direct integration to pull secrets from Azure Key Vault through its resources. Fortunately, with the latest AzureRM provider update, this functionality is now available.
To demonstrate this setup, I’ve created a dedicated GitHub repository specifically for managing secrets in Azure Container Apps. The build runs weekly, to ensure that the solution is still working (we all know how often Terraform changes), and you can find the current status below:
The GitHub Actions workflow for managing Azure Container Apps secrets is structured as follows:
- Run Terraform Script – A sample application image is built in Terraform using Azure CLI commands and all needed resources.
- Verify Endpoint Response – Check if the endpoint hosted in Azure Container Apps returns the correct secret value. Expected output: “AzureWayRocks!”
- Clean-Up Resources – Destroy all resources created by Terraform to maintain a clean environment.
- The GitHub Actions source code you can find here.
You can find the source code for this GitHub Actions setup here.
If you’re interested in diving deeper into Azure Container Apps, you can explore more articles here.
Azure Container Apps secrets – Terraform setup
Before delving into the Terraform setup, you can download all the necessary sources here. If you’re new to configuring Azure Container Apps with Terraform, check out my previous post “Azure Container Apps – Using Terraform to Create [Part 1].”
This tutorial includes the following key components:
- Sample Application: Demonstrates the use of Azure Container Apps secrets within the application. Access the source code here.
- Terraform Script: Used to create Azure Key Vault and Azure Container Apps. The script leverages RBAC (Role-Based Access Control) for secure Key Vault access, including necessary role assignments. It also configures Azure Container Apps secrets by setting environment variables that reference secrets stored in Azure Key Vault.
Terraform script execution for Azure Containers App Secrets
All Terraform variables are preset with default values, but you can override them as needed. The setup process, which takes around 10 minutes, will configure the application and enable you to retrieve REST API results, securely leveraging Azure Container Apps secrets from Azure Key Vault. Terraform also builds Docker images for the sample application. Ensure that Azure CLI is installed; installation instructions are available here.
After the Terraform script is completed, the application is fully set up. Simply follow the URL provided in the Terraform output to view the result. The output from the deployed application should look like this:
I sincerely hope you enjoyed it, and if so, I’d appreciate a Like or Comment on my LinkedIn profile.
Here you can find all the articles from the series.