0

I've deployed a .NET Aspire app to Azure using the azd up cmdlet. During the deployment step, a connection string was requested to an Azure SQL database. The app and its connection to the database works as expected.

I now need to change the connection string to point to a different database. I found the connection string secrets in my Azure Container App in the Azure portal and updated them there. But when deploying updates using azd deploy the connection string is reverted to its original value.

I can see in the config.json file of my environment that the connection strings are read from a vault, identified by a GUID. But we have no Azure Key Vault instances in our tenant with that ID, so I'm not sure where this vault is being referenced.

How can I update my connection string to a new value that will ensure subsequent deployments will use it and not override it with the value initially provided?

Improve this question
4
  • Have you checked whether any KeyVault was unintentionally created within your Azure Portal? my guess it is created automatically during deployment. Also I would check the permissions to see these specific keyvaults, try with a admin account. Commented Oct 30, 2024 at 21:10
  • I thought that as well but couldn't find one in the provisioned Resource Group or under the Azure Key Vault blade. I'm a global admin, so should see all the resources, but I had another colleague with admin rights check and he couldn't find a vault with that GUID either. Commented Oct 31, 2024 at 4:38
  • I think you need to run azd pipeline config which will take the values in the config.json and add the JSON to the AZD_INITIAL_ENVIRONMENT_CONFIG env var in the pipeline. It's also possible to remove, manually, the vault Uri, which isn't to do with Key Vault but points to user-secrets, I believe, and put your connection string in there in plain text. Then add that JSON to the AZD_INITIAL_ENVIRONMENT_CONFIG in your Pipeline's Library variable group. Not ideal but could get you further forward. Commented Oct 31, 2024 at 9:06
  • Thank you @Boggin. The initial deployments were done directly from the terminal on my local machine, so there isn't a pipeline involved. This is useful info for when the app is moved to ADO though! The vault ID doesn't match the secret ID, so honestly not sure what this refers to. In any event, I'm going to try move the connection strings to secrets in a Key Vault instead, providing a consistent management plane for future changes. Commented Oct 31, 2024 at 15:44
Related questions
0
How Do You Configure azd Azure Aspire Endpoint Generation?
2
Azure "azd up" removes custom domain from deployed Containerapp. How can I keep it?
6
How to reference secrets in Azure Container Apps?
Load 6 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.