ForgeRock / secret-agent

Generate random Kubernetes secrets and optionally store them in a Cloud Secret Manager
Apache License 2.0

Latest version 1.2.2 errors on new secret creation in Azure #263

Open mikecorrigan351 opened 5 months ago

mikecorrigan351 commented 5 months ago

Hello!

We recently tried to generate a new secret and ran into an error in our pipeline. Basically, when pointing to 1.2.0 in the pipeline, the secret generates properly and syncs to Azure Key Vault. Here's the error we see from the pod. We kind of expect to get a 404 here, I think, because the secret hasn't been created in the vault yet, and secret-agent should create this.

```text
GET https://keyvaultname.azure.net/secrets/SECRET_NAME

RESPONSE 404: 404 Not Found
ERROR CODE: SecretNotFound

{
  "error": {
    "code": "SecretNotFound",
    "message": "A secret with (name/id) SECRET_NAME was not found in this key vault. If you recently deleted this secret you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125182"
  }
}
```

I did open a ticket as well #108461

mstrent commented 5 months ago

Suspect this may have something to do with this commit, since it changed behavior around 404/SecretNotFound: https://github.com/ForgeRock/secret-agent/commit/9a467b7bd1a676db4f7d3b0b36ad81b71a0c1bec

pearj commented 3 months ago

@mstrent, no, that shouldn't have caused that. The change just meant that a disabled secret is treated the same as a missing secret. I added that code so that I could disable a secret and have the secret agent regenerate the secret, because you can't delete secrets from Azure Key Vault without waiting for the 90-day retention period to expire.

Regardless, this change has been in there since v1.1.5 (April 2022), so quite a while ago.
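To make the lookup behaviour pearj describes concrete, here is an added example (written for this page, not secret-agent's own code) in stdlib-only Go. It GETs a secret from a constructed stand-in for the Key Vault REST endpoint and treats two cases as "generate a new value": a 404 whose body carries the code `SecretNotFound` (the normal first-run path the reporter hit), and a secret that exists but has `attributes.enabled` set to false (the disable-to-regenerate workaround for Key Vault's soft-delete retention). The fake vault, the secret names, the `api-version` query parameter and the response bodies are constructed for the example; a real client would authenticate and use the Azure SDK rather than raw HTTP.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Decision is what the agent should do after looking a secret up in the vault.
type Decision int

const (
	Unknown     Decision = iota // lookup failed: do not generate blindly
	UseExisting                 // present and enabled: reuse the stored value
	Generate                    // 404 SecretNotFound, or present but disabled
)

func (d Decision) String() string {
	return [...]string{"Unknown", "UseExisting", "Generate"}[d]
}

// kvSecret mirrors the parts of a Key Vault GET-secret response used here.
type kvSecret struct {
	Value      string `json:"value"`
	Attributes struct {
		Enabled *bool `json:"enabled"`
	} `json:"attributes"`
}

// kvError mirrors the error envelope Key Vault returns on failure.
type kvError struct {
	Error struct {
		Code string `json:"code"`
	} `json:"error"`
}

// lookupSecret GETs <vaultURL>/secrets/<name> and decides whether a new value
// must be generated. A 404 with code SecretNotFound is expected on first run;
// a disabled secret is treated exactly like a missing one.
func lookupSecret(client *http.Client, vaultURL, name string) (Decision, string, error) {
	resp, err := client.Get(vaultURL + "/secrets/" + name + "?api-version=7.4") // api-version is assumed
	if err != nil {
		return Unknown, "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return Unknown, "", err
	}
	switch resp.StatusCode {
	case http.StatusOK:
		var s kvSecret
		if err := json.Unmarshal(body, &s); err != nil {
			return Unknown, "", fmt.Errorf("decode secret %s: %w", name, err)
		}
		if s.Attributes.Enabled != nil && !*s.Attributes.Enabled {
			return Generate, "", nil // disabled: operator wants it regenerated
		}
		return UseExisting, s.Value, nil
	case http.StatusNotFound:
		var e kvError
		if err := json.Unmarshal(body, &e); err == nil && e.Error.Code == "SecretNotFound" {
			return Generate, "", nil // not in the vault yet: create it
		}
		return Unknown, "", fmt.Errorf("GET %s: unexpected 404 body: %s", name, body)
	default:
		return Unknown, "", fmt.Errorf("GET %s: HTTP %d: %s", name, resp.StatusCode, body)
	}
}

// newFakeVault is a constructed stand-in for Key Vault (not a real vault): one
// enabled secret, one disabled secret, and the SecretNotFound body for any other name.
func newFakeVault() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		name := strings.TrimPrefix(r.URL.Path, "/secrets/")
		w.Header().Set("Content-Type", "application/json")
		switch name {
		case "db-password":
			fmt.Fprint(w, `{"value":"s3cr3t","attributes":{"enabled":true}}`)
		case "old-token":
			fmt.Fprint(w, `{"value":"stale","attributes":{"enabled":false}}`)
		default:
			w.WriteHeader(http.StatusNotFound)
			fmt.Fprintf(w, `{"error":{"code":"SecretNotFound","message":"A secret with (name/id) %s was not found in this key vault."}}`, name)
		}
	}))
}

func main() {
	srv := newFakeVault()
	defer srv.Close()
	for _, name := range []string{"db-password", "old-token", "SECRET_NAME"} {
		d, v, err := lookupSecret(srv.Client(), srv.URL, name)
		fmt.Printf("%-12s -> %-11v value=%q err=%v\n", name, d, v, err)
	}
}
```

The point of returning `Unknown` for anything other than a clean 200 or a 404 with `SecretNotFound` is that a transient error (throttling, auth failure, an unexpected 404 body) must not be mistaken for "missing" and cause a live secret to be silently regenerated.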

mstrent commented 3 months ago

@pearj yeah, we did have to roll back to that version in order to get past the error. Hadn't encountered it previously because we hadn't actually added any secrets in a looooong time. Or maybe some recent incompatibility introduced on the Azure side? Not sure. But the older secret agent version worked.

pearj commented 3 months ago

@mstrent, that makes sense. Come to think of it, I didn't try creating secrets either.