We use the Azure KeyVault Secrets to store connection strings, API secrets, etc. We have written a small DLL to fetch the secrets:
CTOR:
- Get the x509 certificate from the server (it is installed on the web server where the API lives)
- Create the new ClientCertificateCredential with the TenantId, ClientId, and certificate
- Initialize the client with our vault URL and certificate credential
Then to fetch we simply call GetSecret using the client.
We have used this in many APIs, but we have a couple Web APIs that we use more than others, and these seem to crash every 90-120 minutes with the following error:
Error fetching Records-WebApi-RecordsUIClientSecret - ClientCertificateCredential authentication failed: Retry failed after 2 tries. Retry settings can be adjusted in ClientOptions.Retry. (The operation was cancelled because it exceeded the configured timeout of 0:01:40. Network timeout can be adjusted in ClientOptions.Retry.NetworkTimeout.) (The operation was canceled.) See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/clientcertificatecredential/troubleshoot
Nothing in the troubleshooting seems to correct the error.
I tried setting it so that when it gets this error, it then resets the client and retries, in case the client auth had expired, but no luck.
Does anyone know what might be causing this? If it could be multiple calls using the same client?