[Feature Req][Azure.Extensions.AspNetCore.Configuration.Secrets] Ability to lazily load secrets from Azure KV #18410
Assignees
Labels
Client
This issue points to a problem in the data-plane of the library.
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
Extensions
ASP.NET Core extensions
feature-request
This issue requires a new behavior in the product in order be resolved.
needs-team-attention
Workflow: This issue needs attention from Azure service team or SDK team
Milestone
Comments
ghost
added
needs-triage
jananiva
changed the title
jananiva
changed the title
jananiva
changed the title
Mohit-Chakraborty
added
Client
ghost
removed
the
needs-triage
|
Thank you for your feedback. Tagging and routing to the team best able to assist. |
Mohit-Chakraborty
added
the
needs-team-triage
jsquire
added
needs-team-attention
|
Actually, this is an ASP.NET extensions ask with @pakrym owns but I can take a look as well, so adding him as co-assignee. |
heaths
added
Extensions
|
Unfortunately, the ASP.NET Core Options system doesn't support lazy loading. All configuration sources are enumerated eagerly when on ConfigurationBuilder.Build() You can use the https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/extensions/Azure.Extensions.AspNetCore.Configuration.Secrets/src/KeyVaultSecretManager.cs to only load a subset of secrets by overriding the |
openapi-sdkautomation bot
pushed a commit
to AzureSDKAutomation/azure-sdk-for-net
that referenced
this issue
Mar 30, 2022
dev-Sentinel-2022-04-01-preview (Azure#18410) * Adds base for updating Microsoft.SecurityInsights from version preview/2022-01-01-preview to version 2022-04-01-preview * Updates readme * Updates API version in new specs and examples * Fix ThreatInteliignece accordig to latest preview for alignment (Azure#18231) * Add UebaEntityProviders to EntityAnalyticsSettings (Azure#18196) * Add UebaEntityProviders to EntityAnalyticsSettings * remove ueba * Added additionalProperties to itemsKeyValue to resolve autorest issues (Azure#18170) * added additionalProperties to itemsKeyValue to resolve autorest issues * Update Watchlists.json * ran prettier-fix * Remove readonly property from ownerType (Azure#18450) Co-authored-by: dosegal <[email protected]> Co-authored-by: NoaGoren <[email protected]> Co-authored-by: ushasan <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Our code uses
Azure.Extensions.AspNetCore.Configuration.Secretspackage to load secrets from KV into configuration instance during app startup. Since there is no option but to load all secrets at once from KV, when multiple app instances are trying to connect to KV during startup, KV throttles us.And during high loads, when we scale up the number of VMs/instances, all of these instances try to come up at the same time and try to read it from KV and KV keeps throttling us.
Service Fabric cluster doesn't take to startup failures pretty well and it keeps aggressively retrying to startup which further worsens the load on KV!
The app does not need 'ALL' the secrets in the keyvault during start-up, it only needs a subset. So, please add the ability to lazily load secrets on demand from KV.
The text was updated successfully, but these errors were encountered: