Azure / AzureKeyVault

R interface to Azure Key Vault

Key secret get/show post expiry #19

Open ajitchandra opened 6 months ago

ajitchandra commented 6 months ago

Hi Team,

We have a use case for a Key Vault secret with an expiry date set, and we are able to retrieve the value after the expiry date has lapsed.

Expected cli/Rest Key vault secret show/get output:

(Forbidden) Operation get is not allowed on a expired secret. Code: Forbidden
Message: Operation get is not allowed on a expired secret.
Inner error: {
"code": "SecretExpired"
}

Actual result:

Request URL: 'https://XXXX.vault.azure.net/secrets//?api-version=REDACTED'
Request method: 'GET'
Request headers:
    'Accept': 'application/json'
    'x-ms-client-request-id': '57358e22-c96d-11ee-800d-00155de4a17c'
    'User-Agent': 'azsdk-python-keyvault-secrets/4.7.0 Python/3.10.10 (Linux-5.15.133.1-microsoft-standard-WSL2-x86_64-with-glibc2.35)'
    'Authorization': 'REDACTED'
No body was attached to the request
Response status: 200

As per the doc: https://learn.microsoft.com/en-us/azure/key-vault/secrets/about-secrets#secret-attributes, we should not be able to retrieve the object value.

It seems the expiry date attribute has no effect on the secret get operations. Can you please confirm whether this understanding is correct and, if so, what the solution will be?

hongooi73 commented 6 months ago

If you look at the secret in the Azure dashboard, does it show that the expiry date is set?

ajitchandra commented 6 months ago

Hi Hong,

The dashboard view shows the expiry date on the object version. Attached is an image for reference.

Regards, Ajit

On Wed, Feb 14, 2024 at 11:15 PM Hong Ooi @.***> wrote:

If you look at the secret in the Azure dashboard, does it show that the expiry date is set?

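
A client-side check that a caller could apply to the 200 response discussed in this thread, as an added example that is not part of the issue or of the AzureKeyVault package: it reads the `attributes` object of the secret bundle returned by the GET and withholds the value when the version is disabled, before `nbf`, or at or after `exp`. The function name, exception class, reason strings and sample bundle are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone


class SecretNotUsable(Exception):
    """The secret's own attributes say it should not be used right now."""


def checked_secret_value(bundle_json, now=None, skew_seconds=60):
    """Return the secret value only if it is enabled and inside [nbf, exp).

    bundle_json: body of a 200 response to GET /secrets/{name}/{version}.
    now: aware datetime, injectable for testing; defaults to current UTC.
    skew_seconds: clock tolerance applied to nbf only, never to exp.
    """
    bundle = json.loads(bundle_json)
    attrs = bundle.get("attributes") or {}
    ts = int((now or datetime.now(timezone.utc)).timestamp())

    # Reason strings below are labels for this example, not service error codes.
    if attrs.get("enabled") is False:
        raise SecretNotUsable("disabled")
    nbf = attrs.get("nbf")  # Unix seconds; absent means usable immediately
    if nbf is not None and ts + skew_seconds < int(nbf):
        raise SecretNotUsable("not yet valid")
    exp = attrs.get("exp")  # Unix seconds; absent means no expiry was set
    if exp is not None and ts >= int(exp):
        raise SecretNotUsable("expired")
    return bundle["value"]


# Constructed sample response (not from the issue): exp is 2024-02-01T00:00:00Z.
SAMPLE = json.dumps({
    "value": "constructed-sample-value",
    "id": "https://example.vault.azure.net/secrets/demo/0123456789abcdef",
    "attributes": {"enabled": True, "exp": 1706745600,
                   "created": 1704067200, "updated": 1704067200},
})

if __name__ == "__main__":
    for when in (datetime(2024, 1, 15, tzinfo=timezone.utc),
                 datetime(2024, 2, 14, tzinfo=timezone.utc)):
        try:
            checked_secret_value(SAMPLE, now=when)
            print(when.date(), "usable")
        except SecretNotUsable as err:
            print(when.date(), "rejected:", err)
```

Passing `now` explicitly keeps the check testable and lets a caller pin the comparison to a trusted time source.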