Clever Geek Handbook

What is the correct way to detect a non-existent key in KeyVault

I am using KeyVaultClient from 2.3.2 Microsoft.Azure.KeyVault NuGet. Using GetSecretAsync (,) I noticed that a KeyVaultErrorException is thrown if I try to access a secret that does not exist.

Unfortunately, this same error occurs when access to keyvault or endpoint is denied, there is no key.

The only distinguishing feature I can see at the moment is the Message property. So what's the correct way to detect that the secret hasn't been found? Why does this throw an exception or return empty or some other "empty" object?

+3


source to share


1 answer


Asking for a non-existent secret:

System.AggregateException occurred
  HResult=0x80131500
  Message=One or more errors occurred.
  Source=mscorlib

Inner Exception 1:
KeyVaultErrorException: Secret not found: secret22222

((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
    .Body.Error.Code = "SecretNotFound"
((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
    .Body.Error.Message = "Secret not found: secret22222"

No permission to read secrets:

System.AggregateException occurred
  HResult=0x80131500
  Message=One or more errors occurred.
  Source=mscorlib

Inner Exception 1:
KeyVaultErrorException: Access denied

((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
    .Body.Error.Code = "Forbidden"
((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
    .Body.Error.Message = "Access denied"

Trying to read a secret secret:



System.AggregateException occurred
  HResult=0x80131500
  Message=One or more errors occurred.
  Source=mscorlib

Inner Exception 1:
KeyVaultErrorException: Operation get is not allowed on a disabled secret.

((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
    .Body.Error.Code = "Forbidden"
((Microsoft.Azure.KeyVault.Models.KeyVaultErrorException)($exception).InnerException)
    .Body.Error.Message = "Operation get is not allowed on a disabled secret."

Invalid storage endpoint:

System.AggregateException occurred
  HResult=0x80131500
  Message=One or more errors occurred.
  Source=mscorlib

Inner Exception 1:
HttpRequestException: An error occurred while sending the request.

Inner Exception 2:
WebException: The remote name could not be resolved: 'alicezzzzzz.vault.azure.net'

Doesn't look that bad to me. If you are expecting a severe typing error, I don't think it will happen if the SDK is just a REST wrapper, perhaps (partially?) Generated by AutoRest - not explicitly mentioned, but still mentioned :) in the NuGet project description (project site).

+1


source






More articles:


All Articles