Skip to content

Resolve key vault secret in parallel #192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
May 14, 2025
Merged

Resolve key vault secret in parallel #192

merged 5 commits into from
May 14, 2025

Conversation

@zhiyuanliang-ms
Copy link
Member

@zhiyuanliang-ms zhiyuanliang-ms commented May 7, 2025
edited
Loading

Why this PR?

#191

This change can bring about 40% speed-up when loading 10+ secrets.

Visible change

Added KeyVaultOptions.parallelSecretResolutionEnabled option to allow resolving key vault secret in parallel.

Usage:

const credential = new DefaultAzureCredential();
const appConfig = await load("endpoint", credential, {
  keyVaultOptions: { credential: credential,  parallelSecretResolutionEnabled: true}
});

About Key Vault throttling

Key Vault allows 4000 transactions in 10 seconds, per vault per region. ref

  1. Key Vault SDK cannot be used in browser because of CORS. I have verified this. So, for the potential browser scenario of JS provider, people should not use Key Vault reference there. This significantly reduces the chance of Key Vault throttling as Key Vault reference is only valid to use in server scenario.

  2. For potential throttling response from Key Vault, the best practice is to use the built-in retry policy configured through SecretClientOptions.

The provider supports either registering SecretClient instances or configuring SecretClientOptions. ref

About cache for Key Vault secret

Secret cache is added in #175

@zhiyuanliang-ms zhiyuanliang-ms mentioned this pull request May 7, 2025
Closed
juniwang
juniwang reviewed May 7, 2025
View reviewed changes
@zhiyuanliang-ms zhiyuanliang-ms marked this pull request as ready for review May 13, 2025 07:40
@zhiyuanliang-ms zhiyuanliang-ms merged commit 986e3f0 into main May 14, 2025
6 checks passed
@zhiyuanliang-ms zhiyuanliang-ms deleted the zhiyuanliang/secret-performance branch May 14, 2025 03:15
@zhiyuanliang-ms zhiyuanliang-ms mentioned this pull request Jul 7, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@juniwang juniwang juniwang left review comments

@CsCherrYY CsCherrYY CsCherrYY approved these changes

@drago-draganov drago-draganov Awaiting requested review from drago-draganov

@zhenlan zhenlan Awaiting requested review from zhenlan

@jimmyca15 jimmyca15 Awaiting requested review from jimmyca15

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@zhiyuanliang-ms @juniwang @drago-draganov @jimmyca15 @CsCherrYY