Unable to retrieve secrets from azure keyvault #24209
Comments
ghost
added
needs-triage
azure-sdk
added
Client
ghost
removed
the
needs-triage
mccoyp
added
Azure.Identity
and removed
needs-team-triage
ghost
added
the
needs-team-attention
|
For more context: a similar application, written in C#, is able to successfully fetch a token in the same environment. For the Python application, the secret request successfully reaches Key Vault and we do get a response (the 401 challenge shown in the log screenshot). However, token requests are hanging and timing out repeatedly until there's eventually a connection error from a lack of a response. Since it's specifically the token request that's failing, this seems like an |
|
To separate the question, could you try code: cred = ClientSecretCredential('tenantid', 'clientid', 'client_pass')
token = cred.get_token("https://vault.azure.net/.default")
print(token)And see if identity works? |
xiangyan99
added
the
needs-author-feedback
|
Confirmed offline that this environment isn't using any proxy configuration. We unfortunately can't access logs for the C# application that successfully makes token requests. |
|
Did they have a chance to try the code above? @mccoyp |
|
@xiangyan99 not yet, but I bumped the suggestion in our chat. Some other folks who are digging into the networking think that the issue could be a firewall -- which would make sense based on what we're seeing, but would also raise the question of how the C# application doesn't have this issue |
|
@mccoyp when we tried with DefaultAzureCredential() function we were able to successfully authenticate and get the AKV secret value successfully |
ghost
removed
the
needs-author-feedback
|
@Praveen288g Thanks for the update. To make sure I understand correctly, you mean it failed when you used ClientSecretCredential but succeeded when you use DefaultAzureCredential? This makes me think maybe other types of credentials worked? e.g. MSI? |
|
Yep you are correct @xiangyan99 , it worked for other type of credential |
|
Thanks for your confirmation. So is your problem solved? Or it is required to use ClientSecretCredential? |
|
@xiangyan99 yep , i need confirmation whether AzureDefaultCredential() is best method to use in SFTP server/Azure VM , want to make sure whether it could cause any problem in future |
|
It should not cause problems if you use AzureDefaultCredential() in a production environment (means it is stable and will not change). If you want to have a more deterministic behavior, you can use a specific type of credential rather than AzureDefaultCredential which is a chain of credentials. |
xiangyan99
added
the
needs-author-feedback
ghost
added
the
no-recent-activity
|
Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you! |
In Azure VM , when executing our python application exe , which uses
ClientSecretCredential(tenant_id: str, client_id: str, client_secret: str, kwargs: Any) function to Authenticate and retrieve secret's value from Azure Key Vault and the VM doesn't have Client Certificate and Azure CLI.
We are getting the following error where credentials are not successfully authenticated and we get following response:
The below one is the code snippet we have used :
The text was updated successfully, but these errors were encountered: