Using Kong Docker with Azure Key Vault


#1

We’re using Kong in Docker but need to pull sensitive info (DB password and certificates) from Azure Key Vault. We have a model to “wrap” the container such that it pulls this information from Key Vault before launching Kong, but having to insert the Azure CLI and all the related software into the container really bloats the size and makes it more logistically challenging to manage. Wondering if others have a similar requirement and how you went about it?


#2

Are you using any sort of orchestration platform, which can help you manage secrets for you?


#3

Unfortunately not yet … the plan is to move to K8 but, at the moment, we’re running “independent” Docker containers.


#4

This might (not) raise security concerns but another solution you could pursue is to install Azure CLI and related software on your host VMs, pull down the secrets from Key Vault as a part of your docker container spin up process, and then copy those or mount those into your container.

I’m not sure how friendly Azure’s APIs are, but have you considered not using the CLI and using handcrafted HTTP requests using cURL?
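
The cURL-only route suggested in post #4, sketched as an added example (not code from any poster or from the Kong project): a host-side wrapper that gets a token from the Azure instance metadata service and reads one secret over the Key Vault REST API. It assumes the Docker host is an Azure VM with a managed identity allowed to read secrets; the script name, vault name, secret name and `docker run` options are placeholders.

```shell
#!/bin/sh
# Added example: fetch one Key Vault secret on the Docker host using only curl.
# Assumption: the host VM has a managed identity with "get" rights on secrets.
IMDS='http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01'

# Build the secret URL; refuse names that could change the host or path.
kv_secret_url() {  # $1 = vault name, $2 = secret name
  for n in "$1" "$2"; do
    case "$n" in
      ''|*[!A-Za-z0-9-]*) echo "invalid vault or secret name" >&2; return 1 ;;
    esac
  done
  printf 'https://%s.vault.azure.net/secrets/%s?api-version=7.4\n' "$1" "$2"
}

# Pull the first "<field>": "<string>" pair out of JSON on stdin without jq.
# Fails closed when the value holds JSON escapes, which grep/sed cannot decode.
json_string_field() {  # $1 = field name
  raw=$(tr -d '\n' | grep -o "\"$1\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" |
        head -n 1 | sed 's/^[^:]*:[[:space:]]*"//; s/"$//')
  case "$raw" in
    ''|*\\*) echo "field $1 missing or contains escapes" >&2; return 1 ;;
  esac
  printf '%s\n' "$raw"
}

# Ask the instance metadata service for a token scoped to Key Vault.
imds_token() {
  curl -fsS -H 'Metadata: true' "$IMDS&resource=https%3A%2F%2Fvault.azure.net" |
    json_string_field access_token
}

fetch_secret() {  # $1 = vault name, $2 = secret name
  url=$(kv_secret_url "$1" "$2") || return 1
  token=$(imds_token) || return 1
  # Feed the header through a stdin config so the token never shows up in ps.
  printf 'header = "Authorization: Bearer %s"\n' "$token" |
    curl -fsS --config - "$url" | json_string_field value
}

# Usage: ./start-kong.sh --run <vault> <secret>   (placeholder names)
if [ "${1:-}" = "--run" ]; then
  KONG_PG_PASSWORD=$(fetch_secret "$2" "$3") || exit 1
  export KONG_PG_PASSWORD
  # "-e NAME" with no value copies it from this shell, keeping it off argv.
  exec docker run -d --name kong -e KONG_DATABASE=postgres -e KONG_PG_PASSWORD kong
fi
```

A value passed as an environment variable is still readable through `docker inspect` by anyone with access to the Docker socket; writing it to a file with restrictive permissions and mounting that file read-only is the alternative post #4 mentions.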