Closed Expecho closed 3 years ago
@Expecho Thanks for your feedback! We will investigate and update as appropriate.
Hello @pennyo could you please suggest in this regard.
Hello @Expecho just wanted to confirm if you have tried steps 2 and 3 in the sample tutorial section called: Build the default sample app using the Dockerfile ?
@SatishBoddu-MSFT Yeah I did both steps and the app is correctly built by the Dockerfile. I am stuck on the next step in a way that I have defined a GitHub action that successfully builds the repo but I want to pass a secret/environment variable to my application. That has to be done using the CmdArgs field in the application manifest but I have no idea how that must be done using the docker approach as outlined in the docs.
Hello @Expecho Thanks for the confirmation, we are working on this.
@Expecho Good question. I've raised this with our engineering team and will respond when we have more information.
@Expecho it sounds like you are trying to pass a runtime argument to your app in the container. The app doesn't run in the container, it needs to be deployed to a device to run. You'll need to either download the imagepackage from the produced artifact and deploy to a device or publish it to a deployment group in AS3 to send it to devices OTA.
If I'm wrong and this is a parameter that is used in the build let me know.
@robotdad thanks for the response. Let me try to paint the whole picture here. I have my code on GitHub, in a public repo. My apps need a connection string. I see that as a secret that I do not want to expose in my code. I have the secret stored in GitHub as an environment variable that I can access during the build phase as seen here. Now I need to somehow pass this secret to the application. So my initial thought is to pass it as an argument to the application as outlined in the docs. But I am stuck on how to proceed with this and to integrate it in the build process.
I haven't found an Azure Sphere sample yet that does not say to modify some file to hardcode the connection string. But I do not want to store the secret in code. There might be other ways to accomplish this that I am not aware of though....
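One way to do the build-time step asked about above, as an added example (not from the docs or from anyone in this thread): the build rewrites app_manifest.json so CmdArgs is filled from an environment variable, while the committed file keeps CmdArgs empty. The flag `--ConnectionString`, the variable `IOT_CONNECTION_STRING` and the sample manifest are assumptions; the value ends up inside the built image package, so that artifact has to be handled as a secret too.

```python
import json
import os
import sys

# Constructed sample of a committed app_manifest.json: CmdArgs stays empty in the repo.
COMMITTED_MANIFEST = """{
  "Name": "SampleApp",
  "ComponentId": "00000000-0000-0000-0000-000000000000",
  "EntryPoint": "/bin/app",
  "CmdArgs": []
}"""

# Hypothetical mapping: command-line flag the app parses -> CI environment variable.
ARG_SOURCES = {"--ConnectionString": "IOT_CONNECTION_STRING"}


def inject_cmd_args(manifest_text, env, arg_sources=ARG_SOURCES):
    """Return manifest JSON with CmdArgs filled from env; fail closed on gaps."""
    manifest = json.loads(manifest_text)
    if manifest.get("CmdArgs"):
        # A non-empty committed CmdArgs may already hold a hardcoded secret.
        raise ValueError("committed manifest must keep CmdArgs empty")
    args = []
    for flag, var in arg_sources.items():
        value = env.get(var, "")
        if not value:
            raise KeyError(f"environment variable {var} is missing or empty")
        args += [flag, value]
    manifest["CmdArgs"] = args
    return json.dumps(manifest, indent=2)


def redact(manifest_text, arg_sources=ARG_SOURCES):
    """Copy of the manifest that is safe to print in CI logs."""
    manifest = json.loads(manifest_text)
    args = manifest.get("CmdArgs", [])
    for i, item in enumerate(args[:-1]):
        if item in arg_sources:
            args[i + 1] = "***"
    return json.dumps(manifest, indent=2)


if __name__ == "__main__":
    path = sys.argv[1]  # path to app_manifest.json in the build workspace
    with open(path) as f:
        built = inject_cmd_args(f.read(), os.environ)
    with open(path, "w") as f:
        f.write(built)
    print(redact(built))
```

Run it as a build step before the image package is produced, and print only the `redact` output so the value never reaches the CI log.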
@Expecho did you consider using IoTHub to update your Azure Sphere device Twin property or sending a Cloud to Device Message with the secret you need to use on your application? See also Cloud-to-device communications guidance.
Azure Sphere is already connected securely with IoTHub so I believe this can be a secure way to share your passwords using TLS encrypted connection. See how to Set up an Azure IoT Hub for Azure Sphere and let us know if you think this is not a good approach and/or you oversee security issues?
Also, as this lands slightly out of the context of this document, can we move this discussion to Microsoft Q&A so other members from the community can share their experience as well?
fyi @robotdad
Thanks
Thanks for the response. You are right, I think Q&A might be a better fit. I'll move it in a short time and close this issue. One thing I'd like to address. You say it is safe to connect to IoT Hub and I agree. However, in the examples like the one here they tell you to copy/paste the connection string to code. That means that everyone who has access to my public repo can view my connection string. I'd like to avoid that but I have no clue how to pass the connection string in a secure way to my Azure Sphere device.
@Expecho definitely adding the connection string to your code is not recommended at all for some production scenarios. It is a very easy way to get you started connecting to IoTHub and develop some POCs though :).
Azure Sphere authenticates using an X.509 certificate and we have an extensive set of docs about securing your environment when using Azure IoT Hub. You can start here: https://docs.microsoft.com/en-us/azure/iot-fundamentals/security-recommendations
Thank you for opening a new thread in Microsoft Q&A. Feel free to close this case when ready!
Created a Q&A question for it. Thanks for all the help!
I understand that, in order to pass command line arguments to the application I need to modify the application manifest and set the CmdArgs field. How should my dockerfile look like to accomplish this? The dockerfile needs to somehow make sure the manifest is updated to contain the value of an environment variable available in docker.