This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 13%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hello,
While I know it is possible to connect key vault to container apps via Dapr, I am looking for a direct integration for key vault directly to ACA. In an ideal scenario, I can add the key vault resource to a bicep file, and then call the secrets via the environment block under the container resource. I would like to avoid Dapr as at scale, the amount of resources being consumed and taken away from the container app itself just for key vault secrets seems pretty high and costly.
Does anyone have a document that shows how this can work?
Thanks for watching the video. As you pointed out, it's on the roadmap but there's no ETA to share at the moment.
For now, if you have the ability to modify your app, you could enable managed identity in the container app and use the Key Vault SDK in your app to access secrets.
This question was specific to the container apps service. This solution does not work with this service at this time, and is not valid.
@Jonathan
Thank you for following up on this and for providing your rating/feedback based off of the previous answer!
To hopefully give you a better overall experience, I reached out to @Anthony Chu - MSFT - as seen in the video you shared starting at 23 minutes 20 seconds. Anthony is part of the engineering team working to enable the integration between Azure Container Apps (ACA) and the Key vault. Because there's no ETA at the moment, there is a workaround that can be leveraged in the meantime.
As mentioned by Anthony - if you have the ability to modify your app, you could enable managed identity in the container app and use the Key Vault SDK in your app to access secrets. I'm not too familiar with Container Apps, but if you'd like instructions on how to do this, please let us know.
Thank you for your time and patience throughout this issue!
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Please feel free to take a re-survey on the relevant answer. You can help us improve by leaving feedback verbatim.
@Jonathan
Thank you for following up on this and for providing your rating/feedback based off of the previous answer!
To hopefully give you a better overall experience, I reached out to @Anthony Chu - MSFT - as seen in the video you shared starting at 23 minutes and 20 seconds. Anothy is part of the engineering team working to enable the integration between Azure Container Apps (ACA) and the Key Vault. Because there's no ETA at the moment, there is a workaround that can be leveraged in the meantime.
As mentioned by Anthony - if you have the ability to modify your app, you could enable managed identity in the container app and use the Key Vault SDK in your app to access secrets. I'm not too familiar with Container Apps, but if you'd like instructions on how to do this, please let us know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Please feel free to take a re-survey on the relevant answer. You can help us improve by leaving feedback verbatim.
@Jonathan
I just wanted to check in and see if you had any other questions or if you were able to review mine and Akshay's previous comments?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Please feel free to take a re-survey on the relevant answer. You can help us improve by leaving feedback verbatim.
Hi @Anthony Chu - MSFT is there any place where we can upvote this feature into a roadmap? I think this is a sought out feature, especially as its common practice for Azure Web app, Functions etc.
Thank you,
Emil
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 28.999999999999996%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
@Anthony Chu - MSFT Have you started working on this feature. If yes, is there an ETA or maybe a private preview we can be apart of?
Hello @Jonathan ,
Thanks for your response. I was able to review this, understood the ask as follows and have updated the answer along with supported documentation steps:
Objective: Granting Azure Container apps access to secrets in Azure Key Vault.
Steps: This could be achieved via managed identities https://video2.skills-academy.com/en-us/azure/container-apps/managed-identity?tabs=portal%2Cdotnet
Add a system-assigned identity: https://video2.skills-academy.com/en-us/azure/container-apps/managed-identity?tabs=portal%2Cdotnet#add-a-system-assigned-identity
az containerapp identity show --name <APP_NAME> --resource-group <GROUP_NAME>
Thanks,
Akshay Kaushik
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
According to the documentation and the youtube video by the creators posted on 9/29, key vault access is on the road map and not supported in this manner at this time for ACA.
Hello @Jonathan ,
Thanks for highlighting this. Based upon your suggestion I have updated the answer above with documented steps to follow. Please do review this and let me know if you have any queries in the comments section.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Thanks,
Akshay Kaushik
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 9%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
Hello,
I'm having similar problems to find a proper solution. I want to publish an Azure Machine Learning solution in Azure Marketplace, i'm thinking of using Azure Cotainers. For the solution I'm using: