0

As we have more than 50 container apps that require ACR password updates, doing it through UI is a very long task.

I tried to create a Makefile which uses the az cli tool to get the secret name and update with new password. Note, the secret name was auto-created when container app is created.

While running the below command,

az containerapp secret set -n MyApp -g MyRG --secrets reg-pswd-abcd1234-ab12=MySecretToken where reg-pswd-abcd1234-ab12 is the name of the secret automatically generated upon the app's creation

getting the following error:

Secret names cannot be longer than 20. Please shorten reg-pswd-abcd1234-ab12

Question:

  1. Is there any other workaround to update this secret value?

or

  1. Create a new secret value and replace the reference of the old secret name with a newer one?
shaik moeed
  • 5,300
  • 1
  • 18
  • 54
  • Try the this command to update secrets using Keyvault: az containerapp secret set -n MyContainerapp -g MyResourceGroup --secrets MySecretName1=MySecretValue1 MySecretName2=keyvaultref:https://example.vault.azure.net/secrets/mysecret,identityref:/subscriptions/sub/resourceGroups/rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myidentity : [Link](https://learn.microsoft.com/en-us/cli/azure/containerapp/secret?view=azure-cli-latest#az-containerapp-secret-set) – Venkat V Aug 10 '23 at 08:47
  • @VenkatV *reg-pswd-abcd1234-ab12* contains the azure container registry password and whenever I try to update the azure container app with `az containerapp revision copy ...` command, it internally try to find the password from the auto created secret. How can I update that reference after setting the new key with keyvaultref? – shaik moeed Aug 10 '23 at 09:43
  • If I update the current secret with keyvaultref, it will throw the same error, as the secret name is longer than 20 characters. – shaik moeed Aug 10 '23 at 09:45
  • Refer the same qns in Github: https://github.com/microsoft/azure-container-apps/issues/728, As of now 20 characters are not allowed. – Venkat V Aug 10 '23 at 10:29
  • @VenkatV Yes, that is true, but Is there any other workaround to update this secret value? or Create a new secret value and replace the reference of the old secret name with a newer one? – shaik moeed Aug 10 '23 at 11:08
  • @VenkatV [Here](https://github.com/microsoft/azure-container-apps/issues/209#issuecomment-1673937022), someone says, that it was updated to 63 characters, but till facing an error. Do you have any updates on this? – shaik moeed Aug 21 '23 at 04:53
  • I am able to update a password that had more than 20 characters now. Here is my [result](https://i.imgur.com/Ic9O2MY.png) – Venkat V Aug 24 '23 at 09:41
  • @VenkatV Can you try to rename `test` to `testabcdefghijklmnopqrstuvwxyz`, which is more than 20 characters, and try to update the secret value? Name of key should be greater than 20 characters. – shaik moeed Aug 24 '23 at 09:47
  • Name is not accepting more than 20 but value is accepting. – Venkat V Aug 24 '23 at 09:54
  • @VenkatV Yes, ACR is creating a secret name with more than 20 characters by default, when I try to update it's value through command, it was not accepting it, getting the above error. – shaik moeed Aug 24 '23 at 09:55

0 Answers0