Issue: Incorrect Secrets Value - microsoft/azure-container-apps GitHub Wiki

Issue

Starting as early as 07 Feb 2022, you may encounter errors when attempting to perform a subset of operations with a Container App secured using a secret. You may notice apps can fail to start up due to incorrect environment variable values. Detailed scenario list is below:

  • Errors Scaling out
  • Errors with startup due to container image pull failure
  • Connecting to event source
  • Connecting to data sources

Mitigation

  • To mitigate this issue, please reapply your secrets to your Container Apps. Once the secret values are updated, the above-mentioned issues will be resolved. More information about secrets can be found here

  • You can re-apply secrets in one of the following ways:

ARM Template

  • Re-Run your Original ARM Template, this should reset the overridden secrets. eg: Notice the secrets section referencing ARM Parameters
{
    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "location": {
            "type": "String"
        },
        "environment_id": {
            "type": "String"
        },
        "queue-connection-string": {
            "type": "String"
        }
    },
    "variables": {},
    "resources": [
    {
        "name": "queuereader",
        "type": "Microsoft.Web/containerApps",
        "apiVersion": "2021-03-01",
        "kind": "containerapp",
        "location": "[parameters('location')]",
        "properties": {
            "kubeEnvironmentId": "[parameters('environment_id')]",
            "configuration": {
                "activeRevisionsMode": "single",
                "secrets": [
                {
                    "name": "queue-connection-string",
                    **"value": "[parameters('queue-connection-string')]"**
                }]
            },
            "template": {
                "containers": [
                    {
                        "image": "myregistry/myQueueApp:v1",
                        "name": "myQueueApp",
                        "env": [
                            {
                                "name": "QueueName",
                                "value": "myqueue"
                            },
                            {
                                "name": "ConnectionString",
                                "secretref": "queue-connection-string"
                            }
                        ]
                    }
                ]
            }
        }
    }]
}

Azure CLI:

  • You can run the Azure CLI command to replace secret values as a comma-separated Key=Values string. eg: "Key=Value, Key2=Value2, Key3=Value3" 
az containerapp update `
  --resource-group "my-resource-group" `
  --name queuereader `
  --environment "my-environment-name" `
  --secrets "queue-connection-string=$CONNECTION_STRING"`

Using Azure Portal

  • Navigate to your container app on Azure Portal, choose Secrets from the side menu, and click on the Edit button. Update the Secret Value and Click Save

octocat

How can I file an issue?

If you have any questions or concerns, please open a support case through the Azure Portal at aka.ms/azsupt or open an issue in Azure Container Apps Issues for any issues encountered on this regard.



Thanks,
Azure Container Apps team,
Microsoft.

⚠️ **GitHub.com Fallback** ⚠️