SSL Handshake Timeout (Azure KeyVault)

Somnath Mallick 0 Reputation points
2023-06-20T15:38:34.34+00:00

I am trying to learn how to fetch secret values from Azure KeyVault in a SpringBoot application. But it's slowly becoming a frustrating experience. A brief gist of what I did till now:

  1. Registered my application in Azure Active Directory to generate the client-id, client-secret and tenant-id. I provided the name in the artifactId of the pom.xml as the name in the Azure AD.
  2. Created a KeyVault with Vault Based Access Policy.
  3. Registered the access I created above in the KeyVault.
  4. Created the app with the properties I got from Azure. Like URL, tenant-id, client-id, secret etc.

My properties currently look like this:

    spring.cloud.azure.keyvault.enabled=true
    spring.cloud.azure.keyvault.secret.client.connect-timeout=20000
    spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id=XXX_SOME_ID
    spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret=XXX_SOME_SECRET
    spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id=XXX_TENANT_ID
    spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=MY_URL

But when I run the spring boot application, I get the following error:

20:57:25.415 [Thread-0] DEBUG org.springframework.boot.devtools.restart.classloader.RestartClassLoader - Created RestartClassLoader org.springframework.boot.devtools.restart.classloader.RestartClassLoader@26b9a785
20:58:14.762 [restartedMain] ERROR org.springframework.boot.SpringApplication - Application run failed
java.lang.IllegalStateException: Failed to configure KeyVault property source
        at com.azure.spring.cloud.autoconfigure.keyvault.environment.KeyVaultEnvironmentPostProcessor.buildKeyVaultPropertySource(KeyVaultEnvironmentPostProcessor.java:131)
        at com.azure.spring.cloud.autoconfigure.keyvault.environment.KeyVaultEnvironmentPostProcessor.buildKeyVaultPropertySourceList(KeyVaultEnvironmentPostProcessor.java:116)
        at com.azure.spring.cloud.autoconfigure.keyvault.environment.KeyVaultEnvironmentPostProcessor.postProcessEnvironment(KeyVaultEnvironmentPostProcessor.java:89)
        at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEnvironmentPreparedEvent(EnvironmentPostProcessorApplicationListener.java:102)
        at org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEvent(EnvironmentPostProcessorApplicationListener.java:87)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:131)
        at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:85)
        at org.springframework.boot.SpringApplicationRunListeners.lambda$environmentPrepared$2(SpringApplicationRunListeners.java:66)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
        at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:120)
        at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:114)
        at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:65)
        at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:343)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:301)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1303)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1292)
        at com.example.demo.KeyvaultDemoApplication.main(KeyvaultDemoApplication.java:38)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49)
Caused by: reactor.core.Exceptions$ReactiveException: io.netty.handler.ssl.SslHandshakeTimeoutException: handshake timed out after 10000ms
        at reactor.core.Exceptions.propagate(Exceptions.java:396)
        at reactor.core.publisher.BlockingSingleSubscriber.blockingGet(BlockingSingleSubscriber.java:97)
        at reactor.core.publisher.Flux.blockLast(Flux.java:2761)

Any help would be appreciated.


1 answer

  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-06-23T11:03:11.36+00:00

    Hi @Somnath Mallick ,

    Thanks for reaching out.

    It seems like you are facing a handshake error while trying to get a secret from Azure Key Vault using a Spring Boot application.

    Have you gone through the steps mentioned in https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-key-vault?

    Also, as per the configuration properties mentioned here https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/configuration-properties-azure-key-vault-secrets you need to enable Azure service secret to true.

    Could you try adding the configuration properties below:

    spring.cloud.azure.keyvault.secret.property-source-enabled=true
    spring.cloud.azure.keyvault.secret.enabled=true
    

    Also, check if there is any firewall or proxy blocking the SSL/TLS connection. If so, you need to configure them to allow the connection.

    Thanks,

    Shweta
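
One way to run the firewall/proxy check suggested in the answer, as an added example that is not part of the original thread: a small Python probe (the names `probe_tls` and `silent_listener` are hypothetical) that reports whether DNS, the TCP connect or the TLS handshake is the step that fails. The local listener is a constructed stand-in for a device that accepts the connection and then never answers the handshake.

```python
import socket
import ssl


def probe_tls(host, port=443, timeout=10.0, context=None):
    """Return (stage, detail) naming the first step that fails for host:port."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns_failed", str(exc)
    except OSError as exc:  # refused, unreachable, or connect timeout
        return "tcp_connect_failed", str(exc)
    ctx = context or ssl.create_default_context()
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # An issuer you do not expect here points at a TLS-inspecting proxy.
            issuer = dict(rdn[0] for rdn in tls.getpeercert().get("issuer", ()))
            return "ok", f"{tls.version()} issuer={issuer.get('organizationName')}"
    except socket.timeout:
        # TCP connected but no handshake reply arrived: the handshake timed out.
        return "tls_handshake_timeout", f"no handshake reply within {timeout}s"
    except ssl.SSLCertVerificationError as exc:
        return "tls_cert_untrusted", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls_handshake_failed", str(exc)
    finally:
        raw.close()


def silent_listener():
    """Constructed test peer: completes TCP connects, never speaks TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Pass the host part of the endpoint property (placeholder: MY_URL).
        print(probe_tls(sys.argv[1]))
    else:
        srv, port = silent_listener()
        print(probe_tls("127.0.0.1", port, timeout=2.0))
        srv.close()
```

Run it from the same machine and network as the Spring Boot application, with the same proxy settings, so the result reflects the path the application actually uses.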

