Skip to content

docs(azure): replace exported STORAGE_ACCOUNT_KEY with inline command substitution#89

Merged
EdGeraghty merged 2 commits into
azure-deploy-docsfrom
copilot/sub-pr-87
May 1, 2026
Merged

docs(azure): replace exported STORAGE_ACCOUNT_KEY with inline command substitution#89
EdGeraghty merged 2 commits into
azure-deploy-docsfrom
copilot/sub-pr-87

Conversation

Copy link
Copy Markdown

Copilot AI commented May 1, 2026
edited
Loading

The Azure Container Apps guide exported STORAGE_ACCOUNT_KEY into the shell environment, making the storage account key visible via env, crash dumps, and shell-history tooling across the entire session.

Changes

  • Step 2 (mount file share): Removed the export STORAGE_ACCOUNT_KEY=$(…) assignment; key is now inlined directly into --azure-file-account-key
  • Step 6 (blob container creation): Replaced "$STORAGE_ACCOUNT_KEY" with inline substitution on --account-key
  • Step 6 Option A (Container Apps secret): Replaced "$STORAGE_ACCOUNT_KEY" with inline substitution on --secrets

The variable STORAGE_ACCOUNT_KEY no longer appears anywhere in the guide.

# Before
export STORAGE_ACCOUNT_KEY=$(az storage account keys list \
  --resource-group $RESOURCE_GROUP \
  --account-name $STORAGE_ACCOUNT_NAME \
  --query '[0].value' --output tsv)

az containerapp env storage set \
  ...
  --azure-file-account-key "$STORAGE_ACCOUNT_KEY" \
  ...

# After — key exists only as a transient argument, never in the environment
az containerapp env storage set \
  ...
  --azure-file-account-key "$(az storage account keys list \
    --resource-group $RESOURCE_GROUP \
    --account-name $STORAGE_ACCOUNT_NAME \
    --query '[0].value' --output tsv)" \
  ...

Copilot AI mentioned this pull request May 1, 2026
Merged
@EdGeraghty
docs: replace STORAGE_ACCOUNT_KEY export with inline command substitu…
b50ad56 
…tion

The guide previously exported the storage account key into the shell
environment in three places (Step 2, Step 6 blob creation, Step 6
Option A). Exported variables are visible via `env`, crash dumps, and
shell-history tooling, all of which are undesirable for a high-value
secret.

All three occurrences are now rewritten to use inline command
substitution directly on the `az` argument, so the key value is never
placed in a named shell variable at all.

Agent-Logs-Url: https://github.com/privacyint/docker-headscale/sessions/4e335591-6a37-479b-a7a5-b099b3ac96b0

Co-authored-by: EdGeraghty <20861699+EdGeraghty@users.noreply.github.com>
Copilot AI changed the title [WIP] [WIP] Address feedback on Azure implementation and documentation updates docs(azure): replace exported STORAGE_ACCOUNT_KEY with inline command substitution May 1, 2026
Copilot AI requested a review from EdGeraghty May 1, 2026 09:58
@EdGeraghty EdGeraghty marked this pull request as ready for review May 1, 2026 10:00
@EdGeraghty EdGeraghty merged commit eae2ce3 into azure-deploy-docs May 1, 2026
3 checks passed
@EdGeraghty EdGeraghty deleted the copilot/sub-pr-87 branch May 1, 2026 10:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@EdGeraghty EdGeraghty EdGeraghty approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@EdGeraghty EdGeraghty

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@EdGeraghty