Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,135 questions
Getting Delay in Response from KeyVault
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 39%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Rahul Kapoor
21
Reputation points
Hello
Hope everyone is doing well.
I will mention brief details about the project. So our code is based on Java SpringBoot and the code is used for fetching access token.
So first it will fetch the HMACSecret and Certificate from KeyVault, then fetches the Access token for the client.
But the problem is, when the code tries to connect to Key-Vault twice, both for HMACSecret and Certificate, it takes around 2 mins for each request. Which makes the response time of a single request to more than 4 mins.
Also to be noted, same code is deployed in 2 environments, out of which, one is working absolutely fine. There is few milliseconds delay only.
We have checked all configurations from server side, as well as cloud side . Both environments have some configs.
Just coudn't isolate the issue
Please find dummy error snippet - Notice the TimeStamp jump of 2 mins
19:08:00:680 DEBUG - ! R:DUMMY.vault.azure.net/ip:443] Non Removed handler: azureWriteTimeoutHandler, context: null, pipeline: DefaultChannelPipeline{(reactor.left.sslHandler = io.netty.handler.ssl.SslHandler), (reactor.left.httpCodec = io.netty.handler.codec.http.HttpClientCodec), (azureReadTimeoutHandler = com.azure.core.http.netty.implementation.ReadTimeoutHandler), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
19:08:00:680 DEBUG - ! R:DUMMY.vault.azure.net/ip:443] Non Removed handler: azureResponseTimeoutHandler, context: null, pipeline: DefaultChannelPipeline{(reactor.left.sslHandler = io.netty.handler.ssl.SslHandler), (reactor.left.httpCodec = io.netty.handler.codec.http.HttpClientCodec), (azureReadTimeoutHandler = com.azure.core.http.netty.implementation.ReadTimeoutHandler), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
19:08:00:681 DEBUG - ! R:DUMMY.vault.azure.net/ip:443] Non Removed handler: azureReadTimeoutHandler, context: ChannelHandlerContext(azureReadTimeoutHandler, [id: , L:/IP:Port ! R:DUMMY.vault.azure.net/IP:443]), pipeline: DefaultChannelPipeline{(reactor.left.sslHandler = io.netty.handler.ssl.SslHandler), (reactor.left.httpCodec = io.netty.handler.codec.http.HttpClientCodec), (azureReadTimeoutHandler = com.azure.core.http.netty.implementation.ReadTimeoutHandler), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
19:10:08:537 INFO - Azure Identity => Managed Identity environment: IMDS
19:10:08:538 INFO - Azure Identity => getToken() result for scopes [https://vault.azure.net/.default]: SUCCESS
19:10:08:539 DEBUG - Created a new pooled channel, now 1 active connections and 0 inactive connections
19:10:08:540 DEBUG - SSL enabled using engine SSLEngineImpl and SNI DUMMY.vault.azure.net:443
The above logs are generated while fetching secret from KeyVault.
Kindly help in debugging the issue. Please revert if any info is required.
{count} votes
-
JamesTran-MSFT 36,456 Reputation points Microsoft Employee2020-12-23T22:09:38.037+00:00 @Rahul Kapoor
Thank you for your detailed post! Would you be able to answer some of my questions below so I can better help in troubleshooting your issue.- How long has this issue been happening?
- Is this an issue that can be replicated with every call/connection attempt made? Or does this only happen occasionally?
- Are you using the KV REST APIs to connect to the vault?
- Did you follow any documentation to set this all up? If so, would you be able to provide them.
- Was there any networking change on your end?
Any additional information or screenshots would be greatly appreciated.
From your logs, it does look like there's a two minute delay when connecting to the KV, but once that connection is made the process works as expected.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue. -
Rahul Kapoor 21 Reputation points
2020-12-28T04:55:06.157+00:00 Here are the requested details..
a. The issue is happening from the start.
b. It happens on every call. Although we have implemented caching, so 2nd call takes a lot less time, but the first request is taking around 4 mins.
c. Yes, using SecretClient and KeyVaultSecret.
d. Yes, followed Microsoft Learn only.
e. Will check and confirm. -
Rahul Kapoor 21 Reputation points
2020-12-28T17:12:43.357+00:00 Also one observation in the environment in which we were getting a delay.
So we created a dummy code and deployed in RHEL v7.9 once as a dummy jar and once as a war file.
The dummy code will fetch certificate from keyvault.
Obs-
The dummy jar works completely fine with no delay
The dummy war again gives delay of around 2 minutes.Jboss version is 7.2 installed on both environments
-
JamesTran-MSFT 36,456 Reputation points Microsoft Employee
2020-12-28T22:32:43.737+00:00 @Rahul Kapoor
Thank you for the quick and detailed response! I've reached out to Key Vault team regarding this and will update as soon as possible.If you have any other questions or updates in the meantime, please let me know.
Thank you for your time and patience throughout this issue. -
Rahul Kapoor 21 Reputation points
2020-12-29T06:06:31.993+00:00 Thanks.
Also adding to the obs -
We have 2 environments in which our code is deployed- say A(no delay) and B (has keyvault delay).a. Both environments have same Jboss configurations
b. Both environments on same VNET and Subnet.
c. Both have RHEL OS.
d. Also keyvaults referred in both environments are different. -
JamesTran-MSFT 36,456 Reputation points Microsoft Employee
2020-12-31T17:41:34.83+00:00 @Rahul Kapoor
Thank you for your time and patience throughout this issue!I just wanted to follow up and let you know that I'm still waiting for a response from our Key Vault team. However, if you'd like them to take a closer look into your environment, please email me with the info in my private message.
If you have any other questions, please let me know.
Thank you! -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 18%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Sérgio Terenas 1 Reputation point2023-05-02T02:30:43.06+00:00 I understand this is an old thread but fast forward to 2023, using all latest versions, and I have a 13 seconds delay to fetch the first secret, subsequent fetches are very fast. Is this expected? If I stop and restart the app the wait shows up again. Not sure what else to troubleshoot. Any hints?
Sign in to comment