hashicorp/vault-plugin-secrets-azure

'context deadline exceeded' - Azure Secret Engine

lcondliffe opened this issue · 1 comments

Describe the bug
We use the Azure Secrets Engine in Vault to dynamically retrieve service principals for Azure DevOps to use for Terraform pipelines.

Intermittently, when the pipeline tries to use the secret engine, we get a 'context deadline exceeded' error. Sometimes we have to retry a few times before it successfully returns a service principal. We think that this is to do with the Azure APIs sometimes taking some time to generate and return the service principal, but we can't be sure.

Is there a way to increase timeout values applied to requests to Azure Secrets Engine? I can't see this in the available documentation.

To Reproduce
Steps to reproduce the behavior:

vault read azure/$(subscription)/creds/subscription-owner -format=json |jq -c .data

Expected behavior
The secret engine returns an Azure service principal credential.

Environment:

Vault Server Version (retrieve with vault status): 1.10.3
Vault CLI Version (retrieve with vault version): 1.11.2
Server Operating System/Architecture: Kubernetes (Helm chart deployment)

I think I've now worked around this by including this additional line in the pipeline:

export VAULT_CLIENT_TIMEOUT=300

It seems like sometimes the Azure APIs take longer than the default 60 seconds to respond and this works around the issue.
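
A bounded retry wrapper for the read described in this issue, combining the `VAULT_CLIENT_TIMEOUT` workaround with retries that fire only on the 'context deadline exceeded' error. This is an added example, not code from the issue author or the plugin; `VAULT_CMD`, the function name `read_azure_creds`, and the attempt and backoff values are assumptions.

```shell
#!/usr/bin/env bash
# Added example: bounded retry around `vault read` for Azure dynamic credentials.
# VAULT_CMD, the function name, and the retry/backoff defaults are assumptions.

# Client-side timeout in seconds, as in the issue's workaround.
export VAULT_CLIENT_TIMEOUT="${VAULT_CLIENT_TIMEOUT:-300}"

# read_azure_creds PATH [MAX_ATTEMPTS] [BASE_DELAY_SECONDS]
# Prints the JSON response on stdout. Returns 0 on success,
# 1 on a non-timeout error (not retried), 2 when attempts run out.
read_azure_creds() {
  local path="$1" max="${2:-4}" delay="${3:-5}"
  local attempt=1 out err errfile
  errfile="$(mktemp)"
  while [ "$attempt" -le "$max" ]; do
    if out="$("${VAULT_CMD:-vault}" read -format=json "$path" 2>"$errfile")"; then
      rm -f "$errfile"
      printf '%s\n' "$out"   # contains a credential: pipe to jq, do not log it
      return 0
    fi
    err="$(cat "$errfile")"
    # Retry only the timeout reported in the issue; other failures
    # (permission denied, missing role) will not fix themselves.
    case "$err" in
      *"context deadline exceeded"*) ;;
      *) rm -f "$errfile"; printf '%s\n' "$err" >&2; return 1 ;;
    esac
    echo "attempt $attempt/$max timed out for $path" >&2
    if [ "$attempt" -lt "$max" ]; then
      sleep "$delay"
      delay=$((delay * 2))   # exponential backoff between attempts
    fi
    attempt=$((attempt + 1))
  done
  rm -f "$errfile"
  return 2
}
```

In a pipeline step this would be called as `read_azure_creds "azure/<subscription>/creds/subscription-owner" | jq -c .data`, where `<subscription>` is a placeholder for the mount path segment used in the issue.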