0

I'm deploying a .NET 9 API to Azure Container Apps using GitHub Actions. I want to inject a database connection string as an environment variable using a secret reference. My GitHub workflow sets the secret and then deploys the app, referencing the secret like this:

- name: Set secrets in Azure Container App (API)
  run: |
    az containerapp secret set \
      --name ${{ env.CONTAINER_APP_NAME_API }} \
      --resource-group ${{ env.RESOURCE_GROUP }} \
      --secrets db-connection-string="${{ secrets.DB_CONNECTION_STRING }}"

- name: Update env vars in Container App (API)
  run: |
    az containerapp update \
      --name ${{ env.CONTAINER_APP_NAME_API }} \
      --resource-group ${{ env.RESOURCE_GROUP }} \
      --set-env-vars ASPNETCORE_ENVIRONMENT=${{ env.ENVIRONMENT }} \
                      ConnectionStrings__XXX=secretref:db-connection-string

- name: Deploy to Azure Container App (API)
  uses: azure/container-apps-deploy-action@v1
  with:
    imageToDeploy: xxx.azurecr.io/xxx-api-service:${{ github.sha }}
    resourceGroup: ${{ env.RESOURCE_GROUP }}
    containerAppName: ${{ env.CONTAINER_APP_NAME_API }}
    environmentVariables: |
      ASPNETCORE_ENVIRONMENT=${{ env.ENVIRONMENT }}
      ConnectionStrings__XXX=secretref:db-connection-string

The secret db-connection-string is present in the Container App and has the correct value. The environment variable is referenced as ConnectionStrings__XXX=secretref:db-connection-string. My code uses builder.Configuration.GetConnectionString("XXX"). I’ve confirmed the secret exists and the deploy step runs after setting the secret. Problem: Despite this, the environment variable is not populated at runtime in the container. The app fails to connect to the database, and logging the environment variables shows ConnectionStrings__XXX is missing or empty.

What I’ve tried:

  • Verified the secret exists in the Container App.
  • Used both the deploy action and az containerapp update to set env vars.
  • Forced new revisions by updating env vars.
  • Checked for typos in secret and env var names.
  • Ensured the deploy step runs after the secret is set.

What am I missing? How can I ensure the environment variable is correctly populated from the secret reference in Azure Container Apps?

Improve this question
Related questions
6
How to reference secrets in Azure Container Apps?
0
Azure Function with kubernetes secret repository in Azure Container Apps
1
Issue with Azure Container Apps Deployment in Terraform
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.