Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure KeyVault Implementation Max Secret Size of 25600 causes upsert to fail. #421

Open
Waiver-Wire-Addict opened this issue Apr 19, 2024 · 0 comments
Open

Azure KeyVault Implementation Max Secret Size of 25600 causes upsert to fail. #421

Waiver-Wire-Addict opened this issue Apr 19, 2024 · 0 comments
Labels
bug Something isn't working community triage The issue is new and needs to be triaged by a maintainer

Comments

@Waiver-Wire-Addict
Copy link

Current Behavior

As identified in #405, the maximum depth for config sets for an Azure Key Vault Store is 1.
If I have a config set based on my environment, let's call it "dev", whenever I add a config to that config set, the Azure Key Vault store stores all the configs in 1 secret called 'dev'.
After about 40 or so configs, some of which are large -- we have had a config upsert fail due to the single 'dev' secret now being larger that the maximum secret size supported by Azure Key Vault.

Expected Behavior

I expected the implementation to handle the maximum secret size and split a config set into multiple secrets to ensure that the secret size limit does not impede the upserting of configs. The Azure Key Vault Secret size is really just a storage chunk size, and I expected the implementation to avoid exposing this limit in this way. Possibly it might make sense to have a maximums size of a config not exceed this limit, but again this limit is sort of small, so I think the implementation needs to be able to split what it stores into multiple secrets and reconstitute configs on the client from multiple Azure Key Vault Secrets.
Or I expected that the config name would be encoded into the secret name, so that by default configu would not store all configs in 1 secret. I expected the code to somehow compensate for secret sizes.

To Reproduce

Create a config with a string with 25601 characters
Try to upsert it into an Azure Key Vault store
You should get the following:
RestError: Secret is beyond the maximum permitted length of 25600 characters.
Code: BadParameter

Context

This issue, coupled with issue 405 -- makes it so that the Azure Key Vault store really only works without config sets -- if you create unique names for all your configs, and don't try to use a config set hierarchy. But if I was doing that, I can just use the Azure CLI to store directly into Azure Key Vault -- and the value that configu brings in organizing configs into hierarchies is lost. When I found configu, I was excited by it -- I could clearly see the value it's architecture provides. I am not in a position to procure the cloud version of configu, and I believe that most of the configu stores based on the Key-Value Store base class will suffer from similar issues that I have identified. If there are other stores that work differently -- if one could be recommended I would appreciate it.
@Waiver-Wire-Addict Waiver-Wire-Addict added the bug Something isn't working label Apr 19, 2024
@github-actions github-actions bot added triage The issue is new and needs to be triaged by a maintainer community labels Apr 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working community triage The issue is new and needs to be triaged by a maintainer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Waiver-Wire-Addict