Description
Is your feature request related to a problem? Please describe.
I have a setup with frequently changed keyvault secrets. I'm developing some automation service that would implement CAS updates there.
The SetSecret API does not allow me to specify the version I'm going to overwrite, so my fallback plan is to
- fetch version before the update (and save it as `before_update`)
- do the update
- fetch 3 latest versions and compare them to `before_update`
- if I see that `versions[current - 1]==before_update` - I'm good
- if I see that `versions[current -2]==before_update` - do rollback and report this as a warning
- if I see none of these versions are `before_update` - report this as error (so my monitoring system rings)
However I've got way too many secret versions (as I mentioned before, it's changed quite frequently), and my list_properties_of_secret_versions function takes quite a few seconds to execute (which also might cause various race conditions).
Describe the solution you'd like
Ideally - CAS updates for secrets version - or at least the way to fetch N latest versions in one (simple and fast) call
Describe alternatives you've considered
CAS updates, but I couldn't find that it's possible with Azure Key Vault
Additional context
Any news regarding getting N latest versions of the secret?
At #35923 @mccoyp mentioned
I did discuss this with the service team and chronological version sorting unfortunately doesn't appear to be an option at this time. I'll mark this issue as resolved, but we'll be sure to incorporate this feedback into future planning.
Half a year has passed; wondering if there might be any updates on the plans :)
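The fallback check described in the issue, as an added example that is not part of the issue or of the SDK: it orders an unsorted version listing locally by creation time and applies the three-way comparison against `before_update`. `VersionInfo`, `classify_update` and `sample_listing` are hypothetical names and the listing is constructed; in real use the records would come from the `list_properties_of_secret_versions` call named above. The `ambiguous` outcome for tied creation times goes beyond the post and is an assumption about how a caller would want ties handled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class VersionInfo:
    """Hypothetical stand-in for one listed version: its id and creation time."""
    version: str
    created_on: datetime

def classify_update(versions, before_update, window=3):
    """Return 'ok', 'rollback', 'error' or 'ambiguous' for an unordered listing."""
    # The listing is not chronological, so order it locally, newest first.
    newest = sorted(versions, key=lambda v: v.created_on, reverse=True)
    # Added case (assumption): if creation times tie inside the window or at
    # its edge, the relative order of those versions cannot be established.
    stamps = [v.created_on for v in newest[:window + 1]]
    if len(set(stamps)) != len(stamps):
        return "ambiguous"
    ids = [v.version for v in newest[:window]]
    if len(ids) > 1 and ids[1] == before_update:
        return "ok"        # versions[current - 1] == before_update
    if len(ids) > 2 and ids[2] == before_update:
        return "rollback"  # versions[current - 2] == before_update
    return "error"         # before_update is not among the latest versions

def sample_listing(count, tie_newest=False):
    """Constructed listing v1..v<count>, one minute apart, in scrambled order."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    items = [VersionInfo(f"v{i}", t0 + timedelta(minutes=i))
             for i in range(1, count + 1)]
    if tie_newest:  # give the two newest versions the same creation time
        items[-1] = VersionInfo(items[-1].version, items[-2].created_on)
    return items[::2] + items[1::2]

if __name__ == "__main__":
    # Each call plays one scenario: clean update, one interleaved writer,
    # before_update pushed out of the window, and a timestamp tie.
    print(classify_update(sample_listing(3), "v2"))
    print(classify_update(sample_listing(4), "v2"))
    print(classify_update(sample_listing(5), "v1"))
    print(classify_update(sample_listing(4, tie_newest=True), "v3"))
```
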