Open chetanku opened 5 years ago
@chetanku Since the secret data is mounted to your pod as a file, there are two ways you could get the value for your application:
@ritazh I have a similar question. I tried to use config.AddKeyPerFile in my ASP.NET Core application to read the mounted folder, but it seems like I failed to read the secret file. Running kubectl exec can give me the value of the file, though.
Can you please help provide repro steps, sample code snippets? Thanks!
apiVersion: v1
kind: Pod
metadata:
  name: pod-keyvault
spec:
  containers:
I have an ASP.NET Core app which I deployed to AKS.
if (context.HostingEnvironment.IsProduction())
{
    if (!Directory.Exists("/kvsecret1"))
    {
        throw new FileNotFoundException("folder not exists");
    }
    config.AddKeyPerFile(directoryPath: "/kvsecret1", optional: false);
}
This part would throw FileNotFoundException since it can't find a location where /kvsecret1 exists. I'm wondering whether that mount path is accessible outside the container; if so, how? @ritazh
So kubectl exec -it pod-keyvault ls /kvsecret1 shows each secret listed in keyvaultobjectnames as files, but Directory.Exists("/kvsecret1") in your ASP.NET app does not work?
Yes. @ritazh.
One way is to save the content of the Azure Key Vault secret as JSON, then parse the mounted secret as JSON in your app. Below is an example for a Node.js app utilizing the nconf lib (assuming the secret is mounted as "/secrets/mysecret"):
{
"systemX": {
"clientId": "foo",
"secret": "bar"
}
}
const nconf = require('nconf');
nconf.file('systemX', {file: '/secrets/mysecret'});
let creds = nconf.get('systemX');
console.log(`clientId: ${creds.clientId}`);
console.log(`secret: ${creds.secret}`);
output:
clientId: foo
secret: bar
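An added example (not code from this thread or from the project) of the key-per-file pattern discussed above, in Node.js like the nconf comment: it loads each file under the mount path as one secret and fails at startup if the path is not visible inside the container. The function names and the temporary sample directory are assumptions constructed for the illustration.

```javascript
// Added example: read a directory of mounted secrets, one file per secret.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Load every regular file in `dir` into a Map keyed by file name.
// Throws if the mount is missing, so the app stops at startup instead of
// running with empty credentials.
function loadMountedSecrets(dir) {
  let names;
  try {
    names = fs.readdirSync(dir);
  } catch (err) {
    throw new Error(`secret mount ${dir} is not readable here: ${err.code}`);
  }
  const secrets = new Map();
  for (const name of names) {
    const full = path.join(dir, name);
    // Skip dot-entries and subdirectories. statSync follows symlinks,
    // which some volume types use for the secret files themselves.
    if (name.startsWith('.') || !fs.statSync(full).isFile()) continue;
    // Drop a single trailing newline left by editors or CLI tools.
    secrets.set(name, fs.readFileSync(full, 'utf8').replace(/\r?\n$/, ''));
  }
  return secrets;
}

// A secret stored as JSON (as in the nconf comment) is parsed on request.
function getJsonSecret(secrets, name) {
  if (!secrets.has(name)) throw new Error(`secret ${name} is not mounted`);
  return JSON.parse(secrets.get(name));
}

// Constructed stand-in for the volume mount, so the example runs offline.
function makeSampleMount() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'kvsecret-'));
  fs.writeFileSync(path.join(dir, 'dbpassword'), 'constructed-value\n');
  fs.writeFileSync(path.join(dir, 'mysecret'),
    JSON.stringify({ systemX: { clientId: 'foo', secret: 'bar' } }));
  fs.mkdirSync(path.join(dir, '.hidden'));
  return dir;
}

const mountedSecrets = loadMountedSecrets(makeSampleMount());
console.log([...mountedSecrets.keys()].sort()); // log names only, never values
console.log(getJsonSecret(mountedSecrets, 'mysecret').systemX.clientId);
```

In a real pod, pass the volume's mountPath (for example the /kvsecret1 path used earlier in the thread) instead of the sample directory.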
I've tried to do the same as what @MinghuaJiang described and it worked for me.
I am working on a .NET Core 2 application and trying to do a POC on this. But I am not able to understand how the application should be set up to read the secrets, keys, etc., for example; or does this replace the appsettings.json file itself? Any tutorial will be awesome. Thanks.