Key Vault secrets during Kudu deployments for a node.js app in Azure App Service
Question
we have a node.js app that is deployed to Azure App Service. Some of our npm packages dependencies are stored in a private npm repository and auth token for this repo is stored in Azure Key Vault.
We use VSTS for our builds and VSTS makes it easy to fetch the token from the Key Vault. For our deployments, we use Kudu to npm install && npm start our app. But the npm install fails as packages from private repo can't be fetched.
I have worked around this by adding the auth token as an app setting in the App Service and adding it to the .npmrc before Kudu runs npm install. But I would really like a way to access the token from Key Vault directly from Kudu. Is this something on the Key Vault or App Service team's radar?
Update
The recommended approach is to use powershell SDK / REST APIs to read the secrets from the KeyVault and update the app service. Not ideal, but it works
1 answers
solution1
1 ACCPTED 2017-02-02 19:18:25
Code running in your App Service (whether as part of Kudu or your actual site) cannot directly read from KeyVault.
The recommended pattern is to put the secret in an App Setting as described in https://docs.microsoft.com/en-us/azure/key-vault/key-vault-use-from-web-application .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.