Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,293 questions
ERROR | Azure Key Vault access from Python application in Azure Kubernetes Service
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 30%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AT
0
Reputation points
I have a python application in AKS where I need to read the secrets from Azure key vault.
I am using:
credential = DefaultAzureCredential(logging_enable=True)
client = SecretClient(vault_url=KV_URI, credential=credential)
secret = client.get_secret(secretName)
I have the managed identity which has read access RBAC on the vault but I am getting Timeout errors.
along with these messages:
[ERROR] - Unable to connect to KV using DefaultAzureCredential, ERROR: (<urllib3.connection.HTTPSConnection object at 0x7f2dc85c2c90>, 'Connection to <vault_name>.vault.azure.net timed out. (connect timeout=300)')
[App: azure.identity._credentials.environment -- Module: environment --Line# 109] [INFO] - Incomplete environment configuration for EnvironmentCredential. These variables are set: AZURE_CLIENT_ID, AZURE_TENANT_ID
[App: azure.identity._credentials.managed_identity -- Module: managed_identity --Line# 80] [INFO] - ManagedIdentityCredential will use workload identity
[INFO] - credential Object: <azure.identity._credentials.default.DefaultAzureCredential object at 0x7f2e00442150>
[INFO] - Request URL: 'https://<vault_name>.vault.azure.net/secrets/snowflake-password/?api-version=REDACTED'
Request method: 'GET'
Request headers:
'Accept': 'application/json'
'x-ms-client-request-id': '517c4ebb-7f70-11ef-b4ad-d9ce3dacc7ab'
'User-Agent': 'azsdk-python-keyvault-secrets/4.8.0 Python/3.12.3 (Linux-5.15.0-1071-azure-x86_64-with-glibc2.39)'
No body was attached to the request
What should I check ?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Raja Pothuraju 6,825 Reputation points Microsoft Vendor2024-10-07T23:15:30.53+00:00 Hello @AT,
Thank you for posting your query on Microsoft Q&A.
The error message indicates that the connection to the key vault timed out. Timeout errors when connecting to Azure Key Vault can be caused by various issues, such as network connectivity problems, misconfigurations, or even transient issues with the Azure Key Vault service itself. Here are some steps to help diagnose the issue:
Test the Key Vault Endpoint in your Browser: Try accessing your Key Vault's DNS endpoint (https://<<vaultname>>.vault.azure.net/). If communication is successful, you should receive a 403 error when calling the Key Vault's endpoint.
Test the TCP Connection to your Key Vault's Endpoint over Port 443: On the client machine, open a PowerShell prompt and run the following command:
Test-NetConnection -Port 443 <<vaultname>>.vault.azure.netThe command output should show no timeouts. If the connection fails, you will see
TcpTestSucceededasFalse.Verify the Key Vault's Health Status: You can check the health status of your Key Vault by running the following command:
Invoke-WebRequest -UseBasicParsing -Uri https://yourvaultnamehere.vault.azure.net/healthstatusCheck for Proxy Settings on the Calling System: Use the following command to verify if there are any proxy settings configured that might be interfering with the connection:
netsh winhttp show proxyFor additional details, refer to this documentation: Access Azure Key Vault Behind a Firewall
Thanks,
Raja Pothuraju. -
Raja Pothuraju 6,825 Reputation points Microsoft Vendor
2024-10-10T23:00:32.0133333+00:00 Hello @AT,
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
Sign in to comment
Sign in to answer