question

JeremiahAdams-0775 avatar image
0 Votes"
JeremiahAdams-0775 asked JeremiahAdams-0775 answered

Containerizing .net core mvc fails with missing libsecret-1.so.0

I've a working .NET Core MVC project PoC. This deploys to azure and works as expected. I am now attempting to containerize it for K8S deploys.

This application uses a SecretClient to fetch secrets from AZ Key Vault.

In Visual Studio 2019 I have right-clicked the project and added docker support. When I run the application it fails when attempting to fetch the value of the secret with this exception:

 Microsoft.Identity.Client.Extensions.TraceSource Error: 0 : [MSAL.Extension][2021-05-18T21:21:46.7485285Z] [Verify Persistence] Could not clear the test data: System.DllNotFoundException: Unable to load shared library 'libsecret-1.so.0' or one of its dependencies. In order to help diagnose loading problems, consider setting the LD_DEBUG environment variable: liblibsecret-1.so.0: cannot open shared object file: No such file or directory
    at Microsoft.Identity.Client.Extensions.Msal.Libsecret.secret_schema_new(String name, Int32 flags, String attribute1, Int32 attribute1Type, String attribute2, Int32 attribute2Type, IntPtr end)
    at Microsoft.Identity.Client.Extensions.Msal.LinuxKeyringAccessor.GetLibsecretSchema()
    at Microsoft.Identity.Client.Extensions.Msal.LinuxKeyringAccessor.Clear()
    at Microsoft.Identity.Client.Extensions.Msal.MsalCacheStorage.VerifyPersistence()
 Exception thrown: 'Azure.Identity.AuthenticationFailedException' in Azure.Security.KeyVault.Secrets.dll
 An unhandled exception of type 'Azure.Identity.AuthenticationFailedException' occurred in Azure.Security.KeyVault.Secrets.dll: 'SharedTokenCacheCredential authentication failed: Persistence check failed. Inspect inner exception for details'
 Stack trace:


I have tracked this down to understand that Alpine and Buster images do not have an install candidate for 'libsecret-1.so.0'. So I changed my Dockerfile to pull from 3.1-Focal and added commands to install the missing dependency. This all appears to work as expected but now throws a new Exception:

 Exception thrown: 'Azure.Identity.AuthenticationFailedException' in Azure.Security.KeyVault.Secrets.dll
 An unhandled exception of type 'Azure.Identity.AuthenticationFailedException' occurred in Azure.Security.KeyVault.Secrets.dll: 'SharedTokenCacheCredential authentication failed: Persistence check failed. Data was written but it could not be read. Possible cause: on Linux, LibSecret is installed but D-Bus isn't running because it cannot be started over SSH.'


Is this an example of .net core that won't run on linux?
Anyone know how to proceed to get this authentication to key vault to happen on a linux container?






dotnet-ad
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JeremiahAdams-0775 avatar image
0 Votes"
JeremiahAdams-0775 answered

For the next person that runs into this issue: https://github.com/Azure/azure-sdk-for-net/issues/17052

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.