0

I'm deploying a .NET 9 API to Azure Container Apps using GitHub Actions. I want to inject a database connection string as an environment variable using a secret reference. My GitHub workflow sets the secret and then deploys the app, referencing the secret like this:

- name: Set secrets in Azure Container App (API)
  run: |
    az containerapp secret set \
      --name ${{ env.CONTAINER_APP_NAME_API }} \
      --resource-group ${{ env.RESOURCE_GROUP }} \
      --secrets db-connection-string="${{ secrets.DB_CONNECTION_STRING }}"

- name: Update env vars in Container App (API)
  run: |
    az containerapp update \
      --name ${{ env.CONTAINER_APP_NAME_API }} \
      --resource-group ${{ env.RESOURCE_GROUP }} \
      --set-env-vars ASPNETCORE_ENVIRONMENT=${{ env.ENVIRONMENT }} \
                      ConnectionStrings__XXX=secretref:db-connection-string

- name: Deploy to Azure Container App (API)
  uses: azure/container-apps-deploy-action@v1
  with:
    imageToDeploy: xxx.azurecr.io/xxx-api-service:${{ github.sha }}
    resourceGroup: ${{ env.RESOURCE_GROUP }}
    containerAppName: ${{ env.CONTAINER_APP_NAME_API }}
    environmentVariables: |
      ASPNETCORE_ENVIRONMENT=${{ env.ENVIRONMENT }}
      ConnectionStrings__XXX=secretref:db-connection-string

The secret db-connection-string is present in the Container App and has the correct value. The environment variable is referenced as ConnectionStrings__XXX=secretref:db-connection-string. My code uses builder.Configuration.GetConnectionString("XXX"). I’ve confirmed the secret exists and the deploy step runs after setting the secret. Problem: Despite this, the environment variable is not populated at runtime in the container. The app fails to connect to the database, and logging the environment variables shows ConnectionStrings__XXX is missing or empty.

What I’ve tried:

  • Verified the secret exists in the Container App.
  • Used both the deploy action and az containerapp update to set env vars.
  • Forced new revisions by updating env vars.
  • Checked for typos in secret and env var names.
  • Ensured the deploy step runs after the secret is set.

What am I missing? How can I ensure the environment variable is correctly populated from the secret reference in Azure Container Apps?

Improve this question
Related questions
6
How to reference secrets in Azure Container Apps?
0
Azure Function with kubernetes secret repository in Azure Container Apps
1
Issue with Azure Container Apps Deployment in Terraform
Load 7 more related questions Show fewer related questions

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.