Thank you for the detailed post!
From your issue, I understand that whenever you're checking a Key Vault Secret using the Python SDK's azure.keyvault.secrets, you're seeing a delay when it comes to the propagation of Key Vault permissions for users within your Azure AD group.
Since this sounds like it could be related to a delay in the Azure AD group membership refresh, you should be able to see if forcing an update / refresh of the token cache in your Python SDK, prior to retrieving the Secret, helps to resolve your issue. For more info - DefaultAzureCredential get_token.
If you're still having issues, can you share the documentation that you're following along with some more details:
- When you're checking the KV Secrets through the SDK, have you tried authenticating/re-authenticating each time or clearing your token cache?
- When removing the user from the Azure AD group, are you doing this through the Portal?
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
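An added example, not part of the original answer: one way to check whether the token in use predates a group change is to decode its claims and compare `iat`/`exp` with the time of the change. The helper names, the sample token and the presence of a `groups` claim in the token are assumptions; `fresh_vault_token` needs the azure-identity package and a signed-in identity.

```python
import base64
import json

KEY_VAULT_SCOPE = "https://vault.azure.net/.default"


def jwt_claims(token: str) -> dict:
    """Decode the payload of a JWT without verifying it (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_report(token: str, group_id: str, changed_at: float, now: float) -> dict:
    """Summarise whether a token could still reflect old group membership."""
    claims = jwt_claims(token)
    return {
        "issued_before_change": claims["iat"] < changed_at,
        "seconds_until_expiry": max(0, int(claims["exp"] - now)),
        # Assumption: membership appears as a "groups" claim; it may be absent.
        "lists_group": group_id in claims.get("groups", []),
    }


def fresh_vault_token() -> str:
    """Request a Key Vault token from a new credential instance.

    Assumption: a new instance starts with an empty in-memory cache; the
    underlying source (for example the Azure CLI) may still cache on its own.
    """
    from azure.identity import DefaultAzureCredential  # needs azure-identity
    return DefaultAzureCredential().get_token(KEY_VAULT_SCOPE).token


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token so the report runs offline."""
    def enc(obj: dict) -> str:
        raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
        return raw.rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


if __name__ == "__main__":
    removed_at = 1_700_000_600  # constructed: time the user left the group
    sample = constructed_token(
        {"iat": 1_700_000_000, "exp": 1_700_003_600, "groups": ["constructed-group-id"]}
    )
    print(token_report(sample, "constructed-group-id", removed_at, now=1_700_001_000))
```

Against a live tenant, pass `fresh_vault_token()` to `token_report` in place of the constructed sample.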