Replace 'System' by 'system' to use System-Managed Identity to access key vault secret

pmalarme · web-flow · commit 6af0a26777e2 · 2023-08-17T13:31:22.000+02:00
Replace 'System' by 'system' to use System-Managed Identity to access key vault secret. When creating in the portal and exporting the template, it uses 'system'. When creating with 'System' it is not recognized in the portal when the secret is edited. For Dapr component, it is 'system' and not 'System'.
diff --git a/articles/container-apps/manage-secrets.md b/articles/container-apps/manage-secrets.md
@@ -162,14 +162,14 @@ Secrets are defined at the application level in the `resources.properties.config
             {
                 "name": "queue-connection-string",
                 "keyVaultUrl": "<KEY-VAULT-SECRET-URI>",
-                "identity": "System"
+                "identity": "system"
             }],
         }
     }
 }
 ```
 
-Here, a connection string to a queue storage account is declared in the `secrets` array. Its value is automatically retrieved from Key Vault using the specified identity. To use a user managed identity, replace `System` with the identity's resource ID.
+Here, a connection string to a queue storage account is declared in the `secrets` array. Its value is automatically retrieved from Key Vault using the specified identity. To use a user managed identity, replace `system` with the identity's resource ID.
 
 Replace `<KEY-VAULT-SECRET-URI>` with the URI of your secret in Key Vault.
 
@@ -191,7 +191,7 @@ az containerapp create \
   --secrets "queue-connection-string=keyvaultref:<KEY_VAULT_SECRET_URI>,identityref:<USER_ASSIGNED_IDENTITY_ID>"
 ```
 
-Here, a connection string to a queue storage account is declared in the `--secrets` parameter. Replace `<KEY_VAULT_SECRET_URI>` with the URI of your secret in Key Vault. Replace `<USER_ASSIGNED_IDENTITY_ID>` with the resource ID of the user assigned identity. For system assigned identity, use `System` instead of the resource ID.
+Here, a connection string to a queue storage account is declared in the `--secrets` parameter. Replace `<KEY_VAULT_SECRET_URI>` with the URI of your secret in Key Vault. Replace `<USER_ASSIGNED_IDENTITY_ID>` with the resource ID of the user assigned identity. For system assigned identity, use `system` instead of the resource ID.
 
 > [!NOTE]
 > The user assigned identity must have access to read the secret in Key Vault. System assigned identity can't be used with the create command because it's not available until after the container app is created.

Original file line number	Diff line number	Diff line change
@@ -162,14 +162,14 @@ Secrets are defined at the application level in the `resources.properties.config
`162`	`162`	`{`
`163`	`163`	`"name": "queue-connection-string",`
`164`	`164`	`"keyVaultUrl": "<KEY-VAULT-SECRET-URI>",`
`165`		`- "identity": "System"`
	`165`	`+ "identity": "system"`
`166`	`166`	`}],`
`167`	`167`	`}`
`168`	`168`	`}`
`169`	`169`	`}`
`170`	`170`	```
`171`	`171`
`172`		-Here, a connection string to a queue storage account is declared in the `secrets` array. Its value is automatically retrieved from Key Vault using the specified identity. To use a user managed identity, replace `System` with the identity's resource ID.
	`172`	+Here, a connection string to a queue storage account is declared in the `secrets` array. Its value is automatically retrieved from Key Vault using the specified identity. To use a user managed identity, replace `system` with the identity's resource ID.
`173`	`173`
`174`	`174`	Replace `<KEY-VAULT-SECRET-URI>` with the URI of your secret in Key Vault.
`175`	`175`
`@@ -191,7 +191,7 @@ az containerapp create \`
`191`	`191`	`--secrets "queue-connection-string=keyvaultref:<KEY_VAULT_SECRET_URI>,identityref:<USER_ASSIGNED_IDENTITY_ID>"`
`192`	`192`	```
`193`	`193`
`194`		-Here, a connection string to a queue storage account is declared in the `--secrets` parameter. Replace `<KEY_VAULT_SECRET_URI>` with the URI of your secret in Key Vault. Replace `<USER_ASSIGNED_IDENTITY_ID>` with the resource ID of the user assigned identity. For system assigned identity, use `System` instead of the resource ID.
	`194`	+Here, a connection string to a queue storage account is declared in the `--secrets` parameter. Replace `<KEY_VAULT_SECRET_URI>` with the URI of your secret in Key Vault. Replace `<USER_ASSIGNED_IDENTITY_ID>` with the resource ID of the user assigned identity. For system assigned identity, use `system` instead of the resource ID.
`195`	`195`
`196`	`196`	`> [!NOTE]`
`197`	`197`	`> The user assigned identity must have access to read the secret in Key Vault. System assigned identity can't be used with the create command because it's not available until after the container app is created.`