Share via

Azure function occationaly gets super slow accessing keyvault

Bin Jin (Forestay) 35 Reputation points
2023-06-19T08:31:04.0933333+00:00

I have a servicebus-triggered azure function that needs to retrieve some secrets from keyvault in the begining.

Most of the executions finish normally within 3s, while every 5-10 executions, there will be one execution that takes super long (>2 mins).

After checking the log of these slow exectuions, all of them take more than 2 mins reading the secrets (executing the few lines below).

Any one knows why?

	kvname = os.getenv("keyvaultname")
    vault_url = f'https://{kvname}.vault.azure.net/'
    credential = DefaultAzureCredential(exclude_interactive_browser_credential=False)
    secret_client = SecretClient(vault_url=vault_url, credential=credential)

    affinitytoken = secret_client.get_secret('affinitytoken').value
    deal_list_id = secret_client.get_secret('affinitydeallistid').value
Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,457 questions
Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,959 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2023-06-20T21:51:16.5366667+00:00

    Hi @Bin Jin (Forestay) ,

    It's abnormal for the executions to take more than two minutes. It sounds like there is a delay in the retrieval of the token. One potential reason for this is that the AzureServiceTokenProvider by default takes some time to try other authentication methods (like Managed Identity) before using Azure CLI or Visual Studio, as described here.

    If you are using Visual Studio, one thing that may help is to set the environment variable

    AzureServicesAuthConnectionString to the value RunAs=Developer; DeveloperTool=VisualStudio

    If you are using Azure CLI, you can set the environment variable AzureServicesAuthConnectionString to the value RunAs=Developer; DeveloperTool=AzureCli

    Alternatively, you can set exclusions to skip certain authentication methods.

    Another factor that can cause delays is if you created your Key Vault in a different region from your application. You can verify this by accessing from different regions.

    If these suggestions do not work, feel free to send me an email at AzCommunity@microsoft.com ("Attn Marilee Turscak") and include your subscription ID, and we can look into this further and get a support case opened if required.

    Related scenarios:

    Using AddAzureKeyVault makes my application 10 seconds slower

    Reading a secret from Azure Key Vault takes a long time

    reading secrets from KeyVault with Microsoft.Azure.Services.AppAuthentication

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.