Gitpulse
Merged
Size
M
Change Breakdown
Bug Fix80%
Maintenance20%
#28325fix(core): Skip disabled Azure Key Vault secrets and handle partial fetch failures

Azure Key Vault secret reloads now tolerate individual failures

AL
alielkhateeb
·Apr 13, 2026

Azure Key Vault integrations in n8n are now more reliable — disabled secrets are skipped during reload, and individual fetch failures no longer abort the entire operation. Only when every secret fails does the reload throw an error, preserving the last known good cache state.

Azure Key Vault integrations in n8n had a reliability problem. When reloading secrets, disabled secrets were still being fetched — triggering unnecessary errors. More critically, a single inaccessible secret would abort the entire reload, leaving users with no secrets at all instead of the ones that worked.

Secrets marked as disabled are now skipped during the reload cycle, eliminating wasted API calls. More importantly, the fetch strategy changed from Promise.all to Promise.allSettled. Now when one secret fails, others still load. The system logs warnings for each failure without stopping. Only when every single secret fails does the reload throw an error — and even then, the previous cache remains intact.

These changes live in the external secrets module, specifically the Azure Key Vault provider. For users with large vaults containing a mix of active and archived secrets, or vaults where a handful of secrets occasionally become inaccessible, secret management becomes far more predictable.

View Original GitHub Description

Summary

  • Skip secrets marked as disabled when listing Azure Key Vault secrets, avoiding unnecessary getSecret calls for secrets that cannot be retrieved.
  • Switch from Promise.all to Promise.allSettled when fetching secret values so that a single inaccessible secret does not abort the entire reload — other secrets are still loaded and a warning is logged per failure.
  • Only throw (and leave the cache unchanged) when every secret fetch fails, preserving the last known good state.

Related Linear tickets, Github issues, and Community forum posts

https://linear.app/n8n/issue/LIGO-449

  • I have seen this code, I have run this code, and I take responsibility for this code.

Review / Merge checklist

  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with release/backport (if the PR is an urgent fix that needs to be backported)
© 2026 · via Gitpulse