CDCgov / cfa-config-validation

Modeling pipeline config validation microservice.
Apache License 2.0

Integrating Azure authentication #13

Closed amondal2 closed 22 hours ago

amondal2 commented 1 day ago

Closes #4

First pass at integrating Azure secrets into the application. Since the application will be interacting with Azure via Docker, we only use Service Principal credentials to authenticate (as opposed to individual user credentials).

This PR:

  1. Adds authentication utils to pull environment variables and authenticate
  2. Injects secrets into the Docker container via docker-compose and an .env file (not committed)
  3. Adds an auth route to test if the application is authenticated properly

I looked into Docker secrets (https://docs.docker.com/engine/swarm/secrets/) for this, but it doesn't seem to me to be much more secure, given the secrets are just written to disk instead of as env variables (and are more annoying to read from Python), and if someone is able to SSH into the containers on the CDC network, we probably have bigger issues. Happy to take suggestions on how to improve the workflow, in any case.

I'll open separate issues/PRs for actually pulling from blob storage and automated deployments.
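One way to load the Service Principal settings described above, supporting both the env-variable route the PR uses and the file-backed Docker secrets route it considered. This is an added example, not code from this PR or repository. Assumptions: the variable names follow azure-identity's `EnvironmentCredential` convention, the `*_FILE` suffix is the convention common in Docker images, and `load_service_principal` and `auth_status` are hypothetical names.

```python
import os
from dataclasses import dataclass, field
from pathlib import Path

# Assumed names (azure-identity's EnvironmentCredential convention);
# the PR text does not show which names the project uses.
REQUIRED = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")


class MissingCredentialError(RuntimeError):
    """Carries the names, never the values, of absent settings."""


@dataclass(frozen=True)
class ServicePrincipal:
    tenant_id: str
    client_id: str
    client_secret: str = field(repr=False)  # keep the secret out of logs and tracebacks


def _read(name, env):
    """Return NAME from env, else the contents of the file named by NAME_FILE."""
    value = env.get(name, "").strip()
    if value:
        return value
    path = env.get(name + "_FILE", "").strip()  # assumed convention for mounted secrets
    if path and Path(path).is_file():
        return Path(path).read_text(encoding="utf-8").strip()
    return None


def load_service_principal(env=None):
    """Collect all three settings or fail with the list of missing names."""
    env = os.environ if env is None else env
    found = {name: _read(name, env) for name in REQUIRED}
    missing = sorted(name for name, value in found.items() if not value)
    if missing:
        raise MissingCredentialError("missing settings: " + ", ".join(missing))
    return ServicePrincipal(*(found[name] for name in REQUIRED))


def auth_status(env=None):
    """Payload for an auth-check route: configuration state only, no secret values."""
    try:
        load_service_principal(env)
    except MissingCredentialError as exc:
        return {"configured": False, "detail": str(exc)}
    return {"configured": True}
```

This only checks that the settings are present; confirming that Azure accepts them still requires a token request with the loaded values.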

amondal2 commented 1 day ago

@zsusswein yep, that's correct!