-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DefaultAzureCredential authentication failed #441
Comments
I have a Go tool which I use to manage secrets in the KeyVault. When using the same package versions that vals is now using, it also fails with the same error.
However, using the older packages I was using already, it works as expected:
Upgrading only azidentity to v1.7.0 but NOT upgrading azsecrets (leaving it at v0.12.0) also breaks, suggesting the issue is in the azidentity package. EDIT: v1.6.0 also appears to be broken, while v1.5.2 is the latest working version. |
The package maintainers have confirmed that this breaking change is expected behaviour; I guess vals will need to change its implementation to support the "easy" setup for AKV it did previously if it wants to use a package version later than v1.5.2. See the back linked issue I raised the package repo for more info. |
@hamid-elaosta PR is welcome. |
@hamid-elaosta I will fix this issue. |
@hamid-elaosta I have no env to test this issue. maybe we can rollback to v1.5.2. WDYT? |
I rolled the library back and compiled vals myself and that is working, it's unfortunate as vals won't be able to benefit from changes in the Azure SDK without updating further. Unfortunately, Azure's decision with the SDK makes auto-config basically impossible; vals would need to take a flag to say which type of environment it's running in now that the fallback that worked before doesn't work any more. I disagree with the way they've changed the SDK, but it is what it is. |
Forgive me if this is a mistake on my end, but after having followed various bits of documentation I am at a loss.
I'm using vals with helm secrets plugin to manage secrets in helm values files for Terraform.
I had previously used this with no issues by following the very simple setup described here but now have a new laptop; I have downloaded the latest versions of Azure CLI and vals. I'm running Ubuntu 24.04 where previously I was running Debian 12.
Previously, I would simply
az login
, follow the login steps in my web browser, and then vals would be able to access secrets in my Azure KeyVault.Since setting up from scratch, I have followed the same steps (I don't remember any additional steps being required) of
az login
and then use vals or helm secrets as required, but now I receive this error that the token couldn't be acquired.I'm not using Environment credentials, and previously vals was simply picking up the auth from the az login that's already happened, but that doesn't appear to be the case now.
I've followed the troubleshooting from Microsoft (https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/azidentity/TROUBLESHOOTING.md#troubleshoot-defaultazurecredential-authentication-issues) and have confirmed I can retrieve the auth token by hand, I'm not sure though how to further debug why vals can't do so.
The text was updated successfully, but these errors were encountered: