I'm using KeyVaultClient from the 2.3.2 Microsoft.Azure.KeyVault NuGet. Using GetSecretAsync(,), I noticed that a KeyVaultErrorException is raised if I try to access a non-existent secret.

Unfortunately that same error is also raised when access to the keyvault is denied or the keyvault endpoint is not found.

The only distinguisher I see at the moment is the Message property. So what's the right way to detect that a secret was not found? Why would this throw an exception versus returning a null or some other 'empty' object?

1 Answer

Asking for nonexistent secret:

    System.AggregateException occurred
      HResult=0x80131500
      Message=One or more errors occurred.
      Source=mscorlib

    Inner Exception 1:
    KeyVaultErrorException: Secret not found: secret22222

    ((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException).Body.Error.Code = "SecretNotFound"
    ((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException).Body.Error.Message = "Secret not found: secret22222"

No rights for reading secret:

    System.AggregateException occurred
      HResult=0x80131500
      Message=One or more errors occurred.
      Source=mscorlib

    Inner Exception 1:
    KeyVaultErrorException: Access denied

    ((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException).Body.Error.Code = "Forbidden"
    ((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException).Body.Error.Message = "Access denied"

Trying to read a disabled secret:

    System.AggregateException occurred
      HResult=0x80131500
      Message=One or more errors occurred.
      Source=mscorlib

    Inner Exception 1:
    KeyVaultErrorException: Operation get is not allowed on a disabled secret.

    ((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException).Body.Error.Code = "Forbidden"
    ((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException).Body.Error.Message = "Operation get is not allowed on a disabled secret."

Invalid vault endpoint:

    System.AggregateException occurred
      HResult=0x80131500
      Message=One or more errors occurred.
      Source=mscorlib

    Inner Exception 1:
    HttpRequestException: An error occurred while sending the request.

    Inner Exception 2:
    WebException: The remote name could not be resolved: 'alicezzzzzz.vault.azure.net'

Doesn't look that bad to me. If you're expecting strong error typing, I don't think that's going to happen given the SDK is just a light REST wrapper, probably (partially?) generated by AutoRest - not obviously mentioned, but still mentioned :) in the NuGet project description (Project Site).

2 Comments

ok, at first blush this smelled: having to go three levels deep to get the cause of an exception. IMHO, Body.Error.Code should (additionally) be exposed directly on the KeyVaultErrorException; Message is. Are we guaranteed that Body.Error.Code is never localized?
It is also surfaced in Message on the first InnerException: ((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException).Message, but yes I see your point. Can't speak on behalf of the KeyVault product group but since that's coming straight from the API I would highly doubt you get localization without specifically asking for it (with a header/param/something).
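
As an added example (not code from the question, the answer or the SDK), here is one way to act on the `Body.Error.Code` values shown in the traces above so that only a confirmed `SecretNotFound` is treated as "no such secret", while access-denied, disabled-secret and network failures still propagate. `SecretReader`, `TryGetSecretAsync`, `IsSecretNotFound` and `IsForbidden` are hypothetical names; the code assumes the Microsoft.Azure.KeyVault 2.x package and C# 6 or later.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;

// Hypothetical helper, written for this page; not part of the SDK.
public static class SecretReader
{
    // Returns the secret value, or null only when the vault positively reports
    // that the secret does not exist. Every other failure propagates, so a
    // denied or unreachable vault is never mistaken for "no secret configured".
    public static async Task<string> TryGetSecretAsync(
        KeyVaultClient client, string vaultBaseUrl, string secretName)
    {
        try
        {
            // With await, KeyVaultErrorException arrives unwrapped; the
            // AggregateException in the traces comes from blocking on
            // .Result or .Wait() instead.
            SecretBundle bundle = await client
                .GetSecretAsync(vaultBaseUrl, secretName)
                .ConfigureAwait(false);
            return bundle.Value;
        }
        catch (KeyVaultErrorException ex) when (IsSecretNotFound(ex))
        {
            return null;
        }
        // "Forbidden" and HttpRequestException (bad endpoint) are deliberately
        // not caught here: the caller should log them and fail.
    }

    // Matches on the service error code, not on the human-readable Message.
    public static bool IsSecretNotFound(KeyVaultErrorException ex)
    {
        return string.Equals(ex.Body?.Error?.Code, "SecretNotFound",
                             StringComparison.Ordinal);
    }

    // Per the traces, "Forbidden" covers both a missing read permission and a
    // disabled secret; only Body.Error.Message tells the two apart.
    public static bool IsForbidden(KeyVaultErrorException ex)
    {
        return string.Equals(ex.Body?.Error?.Code, "Forbidden",
                             StringComparison.Ordinal);
    }
}
```

Callers that fall back to a default when the result is null should do so only on this path; swallowing every `KeyVaultErrorException` would hide a revoked access policy behind the fallback value.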