
When running a .NET 6 application inside an Azure Function v4 Linux container locally on my physical developer laptop, I want to authenticate with Azure using the Azure CLI credentials from the Docker host machine. I.e. I am already logged in to Azure on the host PC running Docker and I would like to reuse those same credentials inside the Docker container, without having to re-enter the username/password, without hardcoding the credentials, and without creating a service principal.

I've tried mounting $HOME/.azure as ~/.azure inside the Docker container, but Azure CLI prompts me to log in whenever I execute Azure CLI commands inside the container, giving me the error: User '<my email>' does not exist in MSAL token cache. Run 'az login'.

Michael

1 Answer


Azure CLI uses encrypted storage on Windows for the token cache. Mounting this storage into a Docker container is useless, as the Docker container is not (and cannot be) aware of the encryption key.

We are using two workarounds:

  • Use WSL, install Azure CLI inside it and generate tokens from there. They will not be encrypted, as you are using the Linux version of Azure CLI.
  • Use another directory, run another Docker container of mcr.microsoft.com/azure-cli and process the login using a device code. Again, you're using the Linux version of Azure CLI, which leads to the use of plaintext cache storage.

You can do

    docker run --rm -v "$HOME/.azure-unencrypted:/root/.azure" mcr.microsoft.com/azure-cli az login --use-device-code

and then mount $HOME/.azure-unencrypted to your container as /root/.azure.

Jakub A.
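The two steps from the answer above, wrapped in a small script that also keeps the plaintext cache directory owner-only. This is an added example, not part of the original answer; it assumes a POSIX shell on the Docker host (WSL, Linux or macOS) and that the Linux Azure CLI writes its cache as msal_token_cache.json, and the function names and the AZ_CACHE_DIR variable are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Assumptions: POSIX shell on the Docker host; the Linux Azure CLI keeps its
# plaintext token cache in msal_token_cache.json inside the mounted directory.
CACHE_DIR="${AZ_CACHE_DIR:-$HOME/.azure-unencrypted}"

# The cache is plaintext, so keep the directory accessible to its owner only.
prepare_cache_dir() {
    mkdir -p "$1" && chmod 700 "$1"
}

# Succeeds (0) when no non-empty token cache exists yet, i.e. a login is needed.
needs_login() {
    [ ! -s "$1/msal_token_cache.json" ]
}

# Step 1 from the answer: device-code login with the Linux CLI image,
# skipped when a cache is already present.
login_if_needed() {
    prepare_cache_dir "$1" || return 1
    if needs_login "$1"; then
        docker run --rm -v "$1:/root/.azure" \
            mcr.microsoft.com/azure-cli az login --use-device-code
    fi
}

# Step 2 from the answer: start an image with the cache mounted at /root/.azure.
# Everything after the cache path is passed to docker run unchanged.
run_with_cache() {
    cache=$1; shift
    docker run --rm -v "$cache:/root/.azure" "$@"
}

# Dispatch: "login" performs step 1, "run <image> [args]" performs step 2.
case "${1:-}" in
    login) login_if_needed "$CACHE_DIR" ;;
    run)   shift; run_with_cache "$CACHE_DIR" "$@" ;;
esac
```

Saved under a name of your choice, it is called once with `login` and afterwards with `run <your-image>`, where the image name is whatever your Azure Function container is built as.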