This article talks about how to MOUNT the Secret Volume.
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-secret
Use a secret volume to supply sensitive information to the containers in a container group. The secret volume stores your secrets in files within the volume, accessible by the containers in the container group. By storing secrets in a secret volume, you can avoid adding sensitive data like SSH keys or database credentials to your application code.
But it does not discuss how to read out the secrets after it (the secret volume) is created.
The germane code from the article is listed below.
    "volumes": [
      {
        "name": "secretvolume1",
        "secret": {
          "mysecret1": "TXkgZmlyc3Qgc2VjcmV0IEZPTwo=",
          "mysecret2": "TXkgc2Vjb25kIHNlY3JldCBCQVIK"
        }
      }
    ]
It looks like any of the containers can mount this special secret volume.
    "volumeMounts": [
      {
        "name": "secretvolume1",
        "mountPath": "/mnt/secrets"
      }
    ]
How does the (parent) container (of the secret volume via the volume-mount) read out the secrets? The secrets are not supposed to be file-persisted.
Better stated, how does my application code retrieve the secret values?
This guy almost got me there, but didn't. :( He reads out the secret using the command line.
Good call granadaCoder. Yes, the key of the secret, i.e. "mysecret1", "mysecret2", becomes the filename in the volumeMount path, i.e. "/mnt/secrets". Notice that the values of the secret should be base64-encoded. Their decoded values become the content of the files. In your case, you will find /mnt/secrets/mysecret1 with content "My first secret FOO", and /mnt/secrets/mysecret2 with content "My second secret BAR" in your container.
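An added example (not from the article or from either poster) of application code reading the files described in the answer. The helper names `read_secret`, `load_secrets` and `build_demo_mount` are hypothetical; the demo builds a temporary directory as a constructed stand-in for `/mnt/secrets`, using the two base64 values from the question.

```python
import base64
import tempfile
from pathlib import Path

# mountPath from the question's volumeMounts. The linked article states that
# secret volumes are backed by tmpfs (RAM), so these files are not on disk.
DEFAULT_MOUNT = Path("/mnt/secrets")

# The two key/value pairs from the question's "secret" object.
PAGE_SECRETS = {
    "mysecret1": "TXkgZmlyc3Qgc2VjcmV0IEZPTwo=",
    "mysecret2": "TXkgc2Vjb25kIHNlY3JldCBCQVIK",
}

def read_secret(name, mount=DEFAULT_MOUNT):
    """Return the secret stored in <mount>/<name> as text."""
    # Accept only a plain file name, so a name taken from configuration
    # cannot reach outside the mount directory.
    if not name or name in (".", "..") or Path(name).name != name:
        raise ValueError("secret name must be a plain file name")
    raw = (Path(mount) / name).read_bytes()
    # Both sample values decode with a trailing newline; strip it so the
    # value can be used directly as a password or token.
    return raw.decode("utf-8").rstrip("\r\n")

def load_secrets(mount=DEFAULT_MOUNT):
    """Read every regular, non-hidden file in the mount into a dict."""
    secrets = {}
    for entry in sorted(Path(mount).iterdir()):
        if entry.name.startswith(".") or not entry.is_file():
            continue
        secrets[entry.name] = read_secret(entry.name, mount)
    return secrets

def build_demo_mount(encoded):
    """Constructed stand-in for the mounted volume: key -> file name,
    base64-decoded value -> file content, as the answer describes."""
    demo_dir = Path(tempfile.mkdtemp(prefix="secretvolume1-"))
    for key, value in encoded.items():
        (demo_dir / key).write_bytes(base64.b64decode(value))
    return demo_dir

if __name__ == "__main__":
    mount = build_demo_mount(PAGE_SECRETS)
    # Print the names only; secret values should stay out of logs.
    print("loaded secrets:", sorted(load_secrets(mount)))
```

Inside the container, call `load_secrets()` with no argument to read from `/mnt/secrets`.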