question

StanGifford-4610 avatar image
0 Votes"
StanGifford-4610 asked StanGifford-4610 edited

KeyvaultClient Purgedeletedsecretasync returns conflict

I have created a C# program to manage secrets - AKA password Manager.

As it is a website I am using the keyvaultclient methods.

I believe I am getting a race condition between deleting a secret via DeleteSecretAsync and PurgeDeletedSecretAsync.

If I use the debugger and step between the two calls, all is good.

If I just let the program run, I get an exception raised - Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: Operation returned an invalid status code 'Conflict'

Both operations are in seperate async threading tasks and I await the calls to both tasks - the actual operations within the tasks are also awaited.

Note: I have only recently started using C# - I am better with C, VB!

I tried a 1 second sleep between the calls - but that made no difference.

Code below; Note that commented code is what I used before adding the two tasks - obviously that did not work!

         //var secretBundle = await Global.kv.DeleteSecretAsync(Global.keyVaultName, SecretToDelete);
         System.Threading.Tasks.Task T1 = DeleteSecret(SecretToDelete);
         await T1;
         //   await Global.kv.PurgeDeletedSecretAsync(secretBundle.RecoveryId);
            
         System.Threading.Tasks.Task T = PurgeSecret(Global.savedSecret);
         await T;
            

 
         return RedirectToAction("Index");
     }
     private async System.Threading.Tasks.Task DeleteSecret(string secret)
     {
         var secretBundle = await Global.kv.DeleteSecretAsync(Global.keyVaultName, secret);
         Global.savedSecret=secretBundle.RecoveryId;
     }
     private async System.Threading.Tasks.Task PurgeSecret(string secret)
     {
         await Global.kv.PurgeDeletedSecretAsync(secret);
     }

azure-key-vault
· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Addenum. Previously I had used the SecretClient - I had no issue purging the secret - so I believe there is no issue with the way the Vault is set up!

0 Votes 0 ·

@StanGifford-4610
Thank you for your post!

Looking into your question, I found some documentation that might help with what you're asking.


Delete and purge a secret using await
Delete and purge a secret using While/sleep


I hope this helps, if you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

0 Votes 0 ·

@StanGifford-4610 Did you end up finding a better solution to this problem? Looks like I'm running into the same issue you had.

0 Votes 0 ·

I will have to look at the code - I did fix the problem (suspect it was using await) - will dig out the code and see what I did!

1 Vote 1 ·

Cheers @StanGifford-4610 let me know how you go.

Do you believe the issue is caused by awaiting the purge?

0 Votes 0 ·
Show more comments
StanGifford-4610 avatar image
0 Votes"
StanGifford-4610 answered StanGifford-4610 commented

The following is a workaround that fixes MY issue!

(Which Microsoft WAF catches and wont allow me to post!)

Essentially I issue the delete then wrap a try catch finally block around the purge.
If the purge fails, I sleep for 1 second and retry it.

Stan





· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@StanGifford-4610
Thank you for the update, I'm glad you were able to find a solution to your issue!


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

0 Votes 0 ·

Hi James,

I would have liked to upload the code fragment because that is something I would have found useful when I got the original problem - perhaps you could email me direct and I can get it back to you - and you may be able to insert it into this thread?

Stan

0 Votes 0 ·
StanGifford-4610 avatar image
0 Votes"
StanGifford-4610 answered

Hi James,

Thanks for responding.

Unfortunately the two examples both seem to refer to the Secrets library methods whereas I am using the KeyvaultClient methods.

Regardless, I will see if I can find an analog using keyvault client.

Stan

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.