microsoftfeedback / aci-issues

Issue reporting and tracking for the Azure Container Instances service
Creative Commons Attribution 4.0 International

Changing file mode for secret volumes - required for ssh keys. #47

Open hterik opened 3 years ago

hterik commented 3 years ago

Trying to mount a private ssh key to a container using secret volume.

However, the secret file is always mounted with mode 664, which causes SSH to reject the key with the following error:

$ ssh -o BatchMode=yes -i /volumesecrets/key some.internal.host command

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for '/volumesecrets/key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/volumesecrets/key": bad permissions

Trying to change the mode from within the container does not work since the volume mount is readonly:

$ chmod 0400 /volumesecrets/key
chmod: changing permissions of '/volumesecrets/key': Read-only file system

Is there any way we can configure the chmod of the files mounted?

fvdnabee commented 2 years ago

Considering this repo does not appear to be tracked anymore by the ACI team, I wonder what would be the proper method for relaying this request to the team?

One work-around is to use a regular Azure File Share, enable write mode on the volume mount and set the container to change the file permissions of the ssh key at startup. The ability to configure the file permissions for folders/files mounted from an Azure File Share would be another useful feature in this case (now they are always 777, from my understanding; #45 is asking something similar).

Any other work-arounds?
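The start-up step both comments circle around, as an added example that is not code from the thread or from ACI: an entrypoint snippet that copies the key out of the read-only secret mount into an owner-only directory at mode 0600 before handing it to ssh. /volumesecrets/key and the ssh command line are taken from the report; the destination /run/ssh/id_rsa is an assumption.

```shell
#!/bin/sh
# Added example, not from the issue thread. Stages a private key that ACI
# mounts read-only with mode 664 into a writable, owner-only location so
# that ssh accepts it. /volumesecrets/key is the path from the report;
# /run/ssh/id_rsa is an assumed destination.
set -eu

# Print a file's permission bits (GNU stat in Linux containers, BSD fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# prepare_ssh_key SRC DEST: copy SRC into DEST with mode 0600 inside a 0700
# directory, verify the result, and print DEST.
prepare_ssh_key() {
  src="$1"
  dest="$2"
  destdir=$(dirname "$dest")
  # Restrictive umask so neither the directory nor the copy ever exists
  # with group/world permissions, even briefly before the explicit chmod.
  (umask 077 && mkdir -p "$destdir")
  chmod 700 "$destdir"
  # cp onto an existing file keeps that file's old mode; remove it first.
  rm -f "$dest"
  (umask 077 && cp "$src" "$dest")
  chmod 600 "$dest"
  mode=$(file_mode "$dest")
  if [ "$mode" != "600" ]; then
    echo "refusing to continue: $dest has mode $mode, expected 600" >&2
    return 1
  fi
  printf '%s\n' "$dest"
}

# Entrypoint usage: only runs when the secret volume is actually mounted,
# so the file can also be sourced for its functions.
if [ -f /volumesecrets/key ]; then
  key=$(prepare_ssh_key /volumesecrets/key /run/ssh/id_rsa)
  exec ssh -o BatchMode=yes -i "$key" some.internal.host command
fi
```

Because the copy lives on the container's writable layer (or a tmpfs such as /run), it disappears with the container instance, while the secret volume itself stays read-only as ACI provides it.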