2
votes

I am fetching secret values from Key Vault for my Azure stateless Service Fabric application and getting 401 dependency errors (if I check via the connected Application Insights) for only 2 Key Vault secrets out of 100s of Key Vault secrets. Below is the screenshot of the dependency error shown via Application Insights for one of the Key Vault secrets.

[image: screenshot of the dependency error in Application Insights]

Here the request path is https://mykeyvaultname.vault.azure.net:443/secrets/PushMessagingSecretsTopicName/?api-version=7.0

My code to fetch the Key Vault secret is given below:

    public async Task<string> GetSecretAsync(string secretName, string clientId, string appKey, string vaultAddress)
    {
        string secretValue = string.Empty;
        if (string.IsNullOrEmpty(secretName))
            throw new ArgumentNullException(nameof(secretName));

        if (string.IsNullOrEmpty(clientId))
            throw new ArgumentNullException(nameof(clientId));

        if (string.IsNullOrEmpty(appKey))
            throw new ArgumentNullException(nameof(appKey));

        if (string.IsNullOrEmpty(vaultAddress))
            throw new ArgumentNullException(nameof(vaultAddress));

        var secretIdentifier = vaultAddress + "secrets/" + secretName;
        string cacheKey = secretIdentifier + clientId + appKey;

        secretValue = await GetSecretValue(clientId, appKey, secretIdentifier, cacheKey);

        return secretValue;
    }

    private async Task<string> GetSecretValue(string clientId, string appKey, string secretIdentifier, string cacheKey)
    {
        IAdAuthentication authToken = new AdAuthentication
        {
            ClientId = clientId,
            AppKey = appKey
        };
        KeyVaultClient keyVaultClient = new KeyVaultClient(authToken.GetAuthenticationTokenAsync);

        // Get secret from the KeyVault.

        SecretBundle secret = null;

        Task tskGetSecret = Task.Run(async () =>
        {
            // Here I am getting exception with response
            secret = await keyVaultClient.GetSecretAsync(secretIdentifier).ConfigureAwait(false);
        });
        await Task.WhenAny(tskGetSecret);

        if (tskGetSecret.IsFaulted || tskGetSecret.IsCanceled)
        {
            secret = null;
        }

        string secretValue = string.Empty;
        if (secret != null && secret.Value != null)
        {
            secretValue = secret.Value.Trim();
        }

        return secretValue;
    }

I have debugged the issue further, and below are my findings:

  1. The exception occurs at the time of fetching the value of a specific Key Vault secret.

  2. Along with the exception, the value of the secret is also being fetched successfully.

  3. The exception is: Microsoft.Rest.TransientFaultHandling.HttpRequestWithStatusException: 'Response status code indicates server error: 401 (Unauthorized).'

Stack trace:

    at Microsoft.Rest.RetryDelegatingHandler.<>c__DisplayClass11_0.<<SendAsync>b__1>d.MoveNext()

1 Answer

1
votes

I am closing this issue because, with further debugging, I found that the issue is not intermittent and not related to specific Key Vault secrets. The issue always occurs while fetching the value of the first Key Vault secret for the application. I am closing this issue and have opened a new issue with proper details.
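
The behaviour reported in this thread, a 401 recorded while the secret value is still returned and only for the first secret fetched, is consistent with challenge-based bearer authentication: the client sends its first request without a token, the vault answers 401 with a WWW-Authenticate challenge, and the client then acquires a token and retries. The following is an added example, not code from the original post or from the Key Vault SDK; it is a simplified model in which `FakeVault`, `ChallengeHandler`, the `.example` hosts, the token and the secret value are all constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Constructed stand-in for the vault: answers 401 with a Bearer challenge unless a token is sent.
class FakeVault : HttpMessageHandler
{
    public readonly List<int> Statuses = new List<int>(); // what dependency telemetry would record
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage req, CancellationToken ct)
    {
        var ok = req.Headers.Authorization != null;
        var res = new HttpResponseMessage(ok ? HttpStatusCode.OK : HttpStatusCode.Unauthorized);
        if (ok) res.Content = new StringContent("constructed-secret-value");
        else res.Headers.TryAddWithoutValidation("WWW-Authenticate",
            "Bearer authorization=\"https://login.example/tenant\", resource=\"https://vault.example\"");
        Statuses.Add((int)res.StatusCode);
        return Task.FromResult(res);
    }
}
// Simplified client side: no token is attached until a challenge has been seen; then it is cached.
class ChallengeHandler : DelegatingHandler
{
    private string _token; // hypothetical per-process token cache
    public ChallengeHandler(HttpMessageHandler inner) : base(inner) { }
    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage req, CancellationToken ct)
    {
        if (_token != null) req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _token);
        var res = await base.SendAsync(req, ct);
        if (res.StatusCode != HttpStatusCode.Unauthorized || _token != null) return res; // real failures surface
        _token = "constructed-token"; // a real client would run its token callback here
        var retry = new HttpRequestMessage(req.Method, req.RequestUri);
        retry.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _token);
        return await base.SendAsync(retry, ct);
    }
}
static class Program
{
    static async Task Main()
    {
        var vault = new FakeVault();
        var http = new HttpClient(new ChallengeHandler(vault));
        foreach (var name in new[] { "first", "second", "third" })
            Console.WriteLine(name + " -> " + await http.GetStringAsync("https://vault.example/secrets/" + name));
        Console.WriteLine("statuses seen by the vault: " + string.Join(", ", vault.Statuses));
    }
}
```

When triaging such telemetry, a 401 that is immediately followed by a successful request to the same path is the challenge leg; a 401 with no successful retry is the one to investigate.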