[BUG] Error while trying to access keys stored in Azure KeyVault #44217
Comments
Thank you for your feedback. Tagging and routing to the team member best able to assist.
Hi @ekarim2. Thanks for reaching out and we regret that you're experiencing difficulties. The error message that you're seeing does not appear to be related to KeyVault. Rather it seems to indicate that the local host could not find an encryption key to decrypt data. Please provide the full error message and stack trace for the error as well as information about what host platform your app is running on.
Hi @ekarim2. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.
We do try to cache the key locally which may be added to an in-memory key ring depending on your platform. Caching the key reduces not only latency but decreases the cost for customers since Key Vault has low rate limits. Still, why you're getting this particular message isn't clear. What OS is this running on? Can you enable Open Telemetry and provide logs showing when this particular option occurred? There should be tracing events like a Forcing remote-only isn't something we support currently but are considering. /cc @vcolin7 @nisha-bhatia
Error Messages: Exception while executing function: -------- ClientSecret couldn't be fetched from KeyVault. Access Token couldn't be fetched for further processing. One or more errors occurred. A task was canceled. One or more error occurred. (ClientSecret couldn't be fetched from KeyVault, Access Token couldn't be fetched for further processing). An error occurred while sending the request. Unable to read data from transport connection: An existing connection was forcibly closed by the remote host. Note:
The OS is Windows Server 2022. Thanks
@ekarim2: We are still missing some important context that was asked for. Given that this was an aggregate exception, please provide the full error message and stack trace for each error in the set.
Stack Trace of two errors:
@ekarim2: The stack trace does not agree with the package version in the summary. In the stack trace, you can see references to:
These indicate that the legacy Also of note, version 1.1 of Azure.Extensions.AspNetCore.DataProtection.Keys is nearly 3 years old and uses an older build of At this point, I'm not clear on what the end-to-end scenario is nor how we would be able to reproduce the behavior that you're seeing. In order to assist, we'll need to ask that you share a small, self-contained project that reproduces the behavior that you're seeing with the latest extensions package. That will allow us to take a deeper look and analyze the behavior.
Thanks all for the support.
Hi @ekarim2, we're sending this friendly reminder because we haven't heard back from you in 7 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!
To update all and conclude this issue thread, after version upgrade, we have not observed any error so far. We will continue to monitor for some more time. |
Library name and version
Azure.Extensions.AspNetCore.DataProtection.Keys (1.1.0)
Describe the bug
We are accessing Azure KeyVault using the DataProtection.Keys library (version 1.1.0) in Azure Functions. It was working fine both in non-prod and prod environments for more than 2 years. It started throwing an intermittent error in the production environment first on 28th Feb 2024, at 4:38 UTC.
Error: "The key ------- was not found in the key ring."
The key exists in the KeyVault. We created a Microsoft support ticket and did detailed analysis with the Microsoft Azure team and concluded that there is no issue from the Azure services (Azure Function, KeyVault, Azure AD) side or in our code.
In April the same issue started happening intermittently in the non-prod environment as well.
I looked at the GitHub history from version 1.1.0 to the current version (1.2.3). No such bug has been resolved in all the newer versions. We are getting the intermittent error "The key ------- was not found in the key ring" both in non-prod and prod. Request the community to help to resolve the error.
Expected behavior
Azure.Extensions.AspNetCore.DataProtection.Keys should read the key/value stored in Azure KeyVault all the time.
Actual behavior
Intermittently failing to read the key value store and throwing the error "The key ------- was not found in the key ring"
Reproduction Steps
Getting an intermittent error while trying to decrypt the token in Azure Functions.
var decryptedUserToken = _dataProtectionService.Decrypt(queueAuditContext.Token, "TokenProtection");
Environment
Microsoft Azure