[BUG] SecretClient.GetPropertiesOfSecrets() returns deleted secrets

Describe the bug: We’re using the Azure.Security.KeyVault.Certificates v4.0.0 SDK to retrieve secrets from Azure Key Vault and find deleted managed secrets in the result. The SecretProperties class doesn’t provide any properties that relate to the deletion status of the secret.

Also, we find it quite confusing that the SecretClient.GetPropertiesOfSecrets() API considers certificate entries as managed secrets; it isn’t obvious from the documentation either and caught us off guard.

Expected behavior: We’re expecting the SecretClient.GetPropertiesOfSecrets() API to return a list of secrets (managed and unmanaged) without deleted entries; alternatively, the SecretProperties class should provide properties that relate to the deletion status of the secret.

Actual behavior (include Exception or Stack Trace): Deleted entries are included in the result.

To Reproduce: Create and soft delete a managed certificate in Azure Key Vault, then run the following code snippet:

var client = new SecretClient(vaultUri, new ClientSecretCredential(tenantID, clientID, clientSecret));
var properties = client.GetPropertiesOfSecrets(token).OrderBy(p => p.Name).ToList();

Environment:

  • Azure.Security.KeyVault.Certificates v4.0.0
  • Windows 10, Azure AppService
  • Visual Studio 16.4.5, .NET 4.7.2

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 13 (4 by maintainers)

Top GitHub Comments

1 reaction
sebansal commented, Jan 29, 2021

Solution is deployed.

0 reactions
sebansal commented, Jan 5, 2021

akv engineering team will triage
