Error when using "azure-powershell" credential type: "Azure PowerShell authentication timed out."
I have configured an Azure DevOps pipeline to sign NuGet packages using Azure Key Vault via an ARM service connection.
I have the following two tasks:
- task: AzureCLI@2
  displayName: 'Sign with Azure Key Vault (AzureCLI@2)'
  inputs:
    azureSubscription: 'AzKeyVaultConnection' # Azure Resource Manager service connection
    addSpnToEnvironment: true
    scriptType: ps
    scriptLocation: inlineScript
    inlineScript: |
      $ErrorActionPreference = 'Stop'
      Write-Host "Signing package with Azure Key Vault certificate..."
      dotnet sign code azure-key-vault `
        --azure-key-vault-url $(AzureKeyVaultUrl) `
        --azure-key-vault-certificate $(AzureKeyVaultCertificate) `
        --azure-credential-type azure-cli `
        "$(Build.SourcesDirectory)\TestPackages\MyPackage.1.0.0.nupkg"
      Write-Host "exit code: $LASTEXITCODE"
- task: AzurePowerShell@5
  displayName: 'Sign with Azure Key Vault (AzurePowerShell@5)'
  inputs:
    azureSubscription: 'AzKeyVaultConnection' # Azure Resource Manager service connection
    TargetAzurePs: 'LatestVersion'
    ScriptType: 'InlineScript'
    Inline: |
      $ErrorActionPreference = 'Stop'
      Write-Host "Signing package with Azure Key Vault certificate..."
      dotnet sign code azure-key-vault `
        --azure-key-vault-url $(AzureKeyVaultUrl) `
        --azure-key-vault-certificate $(AzureKeyVaultCertificate) `
        --azure-credential-type azure-powershell `
        "$(Build.SourcesDirectory)\TestPackages\MyPackage.1.0.0.nupkg"
      Write-Host "exit code: $LASTEXITCODE"
Normally both work fine and identically, but the second task regularly (3 times out of 5) fails with the "Azure PowerShell authentication timed out." error.
Using sign v0.9.1-beta.25379.1.
Detailed error log:
fail: Sign.Core.ISigner[0]
Azure PowerShell authentication timed out.
Azure.Identity.AuthenticationFailedException: Azure PowerShell authentication timed out.
at Azure.Identity.AzurePowerShellCredential.RequestAzurePowerShellAccessTokenAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
at Azure.Identity.AzurePowerShellCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
at Azure.Identity.AzurePowerShellCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
at Azure.Identity.AzurePowerShellCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.SetResultOnTcsFromCredentialAsync(TokenRequestContext context, TaskCompletionSource`1 targetTcs, Boolean async, CancellationToken cancellationToken)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.TokenRequestState.GetCurrentHeaderValue(Boolean async, Boolean checkForCompletion, CancellationToken cancellationToken)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AuthenticateAndAuthorizeRequestAsync(HttpMessage message, TokenRequestContext context)
at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallengeAsyncInternal(HttpMessage message, Boolean async)
at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.ProcessAsyncInternal(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.HttpPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
at Azure.Security.KeyVault.Certificates.CertificateClient.GetCertificateAsync(String certificateName, CancellationToken cancellationToken)
at Sign.SignatureProviders.KeyVault.KeyVaultService.GetCertificateAsync(CancellationToken cancellationToken) in /_/src/Sign.SignatureProviders.KeyVault/KeyVaultService.cs:line 66
at Sign.Core.Signer.SignAsync(IReadOnlyList`1 inputFiles, String outputFile, FileInfo fileList, Boolean recurseContainers, DirectoryInfo baseDirectory, String applicationName, String publisherName, String description, Uri descriptionUrl, Uri timestampUrl, Int32 maxConcurrency, HashAlgorithmName fileHashAlgorithm, HashAlgorithmName timestampHashAlgorithm) in /_/src/Sign.Core/Signer.cs:line 79
exit code: 2
I also attach the full log. From there it is visible that the whole task ran for 36s and the timeout happened 18 seconds after the previous message, so it does not seem to be a real "timeout" situation.
2025-11-13T15:00:48.8758074Z ##[section]Starting: Sign with Azure Key Vault (AzurePowerShell@5)
2025-11-13T15:00:48.8763788Z ==============================================================================
2025-11-13T15:00:48.8763885Z Task : Azure PowerShell
2025-11-13T15:00:48.8763934Z Description : Run a PowerShell script within an Azure environment
2025-11-13T15:00:48.8764002Z Version : 5.264.0
2025-11-13T15:00:48.8764053Z Author : Microsoft Corporation
2025-11-13T15:00:48.8764114Z Help : https://aka.ms/azurepowershelltroubleshooting
2025-11-13T15:00:48.8764178Z ==============================================================================
2025-11-13T15:00:49.8276217Z AZUREPS_HOST_ENVIRONMENT: ADO/AzurePowerShell@v5_Windows_NT_Hosted Agent_Sign NuGet Packages_4656__
2025-11-13T15:00:49.9019798Z Generating script.
2025-11-13T15:00:49.9703958Z ========================== Starting Command Output ===========================
2025-11-13T15:00:49.9917887Z ##[command]"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'D:\a\_temp\646df8cf-6b66-4f94-aee8-ffb37efdaf5d.ps1'"
2025-11-13T15:00:51.0203621Z Added TLS 1.2 in session.
2025-11-13T15:00:51.2009674Z ##[command]Import-Module -Name C:\Modules\az_12.5.0\Az.Accounts\5.3.0\Az.Accounts.psd1 -Global
2025-11-13T15:00:54.3423850Z ##[command]Update-AzConfig -CheckForUpgrade False -AppliesTo Az -Scope Process
2025-11-13T15:00:54.5213377Z
2025-11-13T15:00:54.6015140Z ##[command]Get-AzConfig -AppliesTo Az
2025-11-13T15:00:54.6517288Z ##[command]Update-AzConfig -DisplayBreakingChangeWarning False -AppliesTo Az -Scope Process
2025-11-13T15:00:54.6683375Z ##[command]Enable-AzureRmAlias -Scope Process
2025-11-13T15:00:57.4682402Z ##[command]Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue
2025-11-13T15:00:58.7372025Z ##[command]Clear-AzContext -Scope Process
2025-11-13T15:00:59.7474036Z ##[command]Connect-AzAccount
2025-11-13T15:00:59.7474289Z Name Value
2025-11-13T15:00:59.7474492Z ---- -----
2025-11-13T15:00:59.7474706Z Tenant ****************
2025-11-13T15:00:59.7474916Z Scope Process
2025-11-13T15:00:59.7475107Z Environment AzureCloud
2025-11-13T15:00:59.7475569Z ApplicationId ***
2025-11-13T15:00:59.7475784Z ServicePrincipal True
2025-11-13T15:00:59.7475885Z
2025-11-13T15:00:59.7475955Z
2025-11-13T15:00:59.7476010Z
2025-11-13T15:00:59.7476196Z Key Value Applies To Scope Help Message
2025-11-13T15:00:59.7476421Z --- ----- ---------- ----- ------------
2025-11-13T15:00:59.7476700Z CheckForUpgrade False Az Process When enabled, Azure PowerShell will check for updates automati...
2025-11-13T15:00:59.7477034Z DisplayBreakingChangeWarning False Az Process Controls if warning messages for breaking changes are displaye...
2025-11-13T15:00:59.7477201Z
2025-11-13T15:00:59.7477451Z Environments : {[AzureChinaCloud, AzureChinaCloud], [AzureCloud, AzureCloud], [AzureUSGovernment, AzureUSGovernment]}
2025-11-13T15:00:59.7477908Z Context : Microsoft.Azure.Commands.Profile.Models.Core.PSAzureContext
2025-11-13T15:00:59.7478034Z
2025-11-13T15:00:59.7478223Z VERBOSE: Command [Connect-AzAccount] succeeded.
2025-11-13T15:00:59.7479858Z ##[command]Set-AzContext
2025-11-13T15:00:59.7480047Z Name Value
2025-11-13T15:00:59.7480225Z ---- -----
2025-11-13T15:00:59.7480438Z SubscriptionId ****************
2025-11-13T15:00:59.7480547Z
2025-11-13T15:00:59.7480614Z
2025-11-13T15:00:59.7480670Z
2025-11-13T15:00:59.7480725Z
2025-11-13T15:00:59.7480937Z Name : **************** -
2025-11-13T15:00:59.7481274Z **************** - ***
2025-11-13T15:00:59.7481527Z Subscription : ****************
2025-11-13T15:00:59.7481780Z Account : ***
2025-11-13T15:00:59.7481965Z Environment : AzureCloud
2025-11-13T15:00:59.7482169Z Tenant : ****************
2025-11-13T15:00:59.7482374Z TokenCache :
2025-11-13T15:00:59.7482545Z VersionProfile :
2025-11-13T15:00:59.7482725Z ExtendedProperties : {}
2025-11-13T15:00:59.7482811Z
2025-11-13T15:00:59.7482995Z VERBOSE: Command [Set-AzContext] succeeded.
2025-11-13T15:00:59.7483225Z Signing package with Azure Key Vault certificate...
2025-11-13T15:01:17.8837149Z fail: Sign.Core.ISigner[0]
2025-11-13T15:01:17.8837746Z Azure PowerShell authentication timed out.
2025-11-13T15:01:17.8838278Z Azure.Identity.AuthenticationFailedException: Azure PowerShell authentication timed out.
2025-11-13T15:01:17.8844862Z at Azure.Identity.AzurePowerShellCredential.RequestAzurePowerShellAccessTokenAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
2025-11-13T15:01:17.8845657Z at Azure.Identity.AzurePowerShellCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
2025-11-13T15:01:17.8852646Z at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
2025-11-13T15:01:17.8853757Z at Azure.Identity.AzurePowerShellCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
2025-11-13T15:01:17.8854544Z at Azure.Identity.AzurePowerShellCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
2025-11-13T15:01:17.8855324Z at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.SetResultOnTcsFromCredentialAsync(TokenRequestContext context, TaskCompletionSource`1 targetTcs, Boolean async, CancellationToken cancellationToken)
2025-11-13T15:01:17.8874340Z at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
2025-11-13T15:01:17.8885236Z at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.TokenRequestState.GetCurrentHeaderValue(Boolean async, Boolean checkForCompletion, CancellationToken cancellationToken)
2025-11-13T15:01:17.8885854Z at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
2025-11-13T15:01:17.8886347Z at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AuthenticateAndAuthorizeRequestAsync(HttpMessage message, TokenRequestContext context)
2025-11-13T15:01:17.8886815Z at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallengeAsyncInternal(HttpMessage message, Boolean async)
2025-11-13T15:01:17.8890073Z at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.ProcessAsyncInternal(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
2025-11-13T15:01:17.8891223Z at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
2025-11-13T15:01:17.8891823Z at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
2025-11-13T15:01:17.8892302Z at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
2025-11-13T15:01:17.8892754Z at Azure.Core.Pipeline.HttpPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
2025-11-13T15:01:17.8893209Z at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
2025-11-13T15:01:17.8893667Z at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
2025-11-13T15:01:17.8894162Z at Azure.Security.KeyVault.Certificates.CertificateClient.GetCertificateAsync(String certificateName, CancellationToken cancellationToken)
2025-11-13T15:01:17.8895774Z at Sign.SignatureProviders.KeyVault.KeyVaultService.GetCertificateAsync(CancellationToken cancellationToken) in /_/src/Sign.SignatureProviders.KeyVault/KeyVaultService.cs:line 66
2025-11-13T15:01:17.8899114Z at Sign.Core.Signer.SignAsync(IReadOnlyList`1 inputFiles, String outputFile, FileInfo fileList, Boolean recurseContainers, DirectoryInfo baseDirectory, String applicationName, String publisherName, String description, Uri descriptionUrl, Uri timestampUrl, Int32 maxConcurrency, HashAlgorithmName fileHashAlgorithm, HashAlgorithmName timestampHashAlgorithm) in /_/src/Sign.Core/Signer.cs:line 79
2025-11-13T15:01:17.9180563Z exit code: 2
2025-11-13T15:01:17.9181803Z
2025-11-13T15:01:17.9182416Z
2025-11-13T15:01:18.2120698Z Added TLS 1.2 in session.
2025-11-13T15:01:19.5670216Z ##[command]Disconnect-AzAccount -Scope CurrentUser -ErrorAction Stop
2025-11-13T15:01:19.8402600Z ##[command]Disconnect-AzAccount -Scope Process -ErrorAction Stop
2025-11-13T15:01:19.8584015Z ##[command]Clear-AzContext -Scope Process -ErrorAction Stop
2025-11-13T15:01:25.6162237Z ##[section]Finishing: Sign with Azure Key Vault (AzurePowerShell@5)
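The timing observation in the report (36 s task, 18 s of silence before the failure) can be checked mechanically on any Azure DevOps task log. The following is an added example, not part of the original issue or of the sign project: it parses the seven-digit fractional timestamps and reports the total duration and the longest gap between consecutive lines. The function names `parse_line` and `analyze` are hypothetical, and the sample input is a handful of lines excerpted from the log above.

```python
import re
from datetime import datetime, timezone

# Sample input: lines excerpted from the task log quoted in the issue.
SAMPLE_LOG = """\
2025-11-13T15:00:48.8758074Z ##[section]Starting: Sign with Azure Key Vault (AzurePowerShell@5)
2025-11-13T15:00:59.7482995Z VERBOSE: Command [Set-AzContext] succeeded.
2025-11-13T15:00:59.7483225Z Signing package with Azure Key Vault certificate...
2025-11-13T15:01:17.8837149Z fail: Sign.Core.ISigner[0]
2025-11-13T15:01:17.8837746Z       Azure PowerShell authentication timed out.
2025-11-13T15:01:25.6162237Z ##[section]Finishing: Sign with Azure Key Vault (AzurePowerShell@5)
"""

# Timestamp, optional fractional seconds, 'Z', then the (possibly empty) message.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z ?(.*)$")


def parse_line(line):
    """Return (utc_datetime, message) or None for lines without a timestamp."""
    m = LINE_RE.match(line)
    if not m:
        return None
    base, frac, msg = m.groups()
    # The log carries 7 fractional digits (100 ns ticks); datetime stores
    # microseconds, so truncate to 6 digits instead of letting strptime fail.
    micros = int((frac or "0")[:6].ljust(6, "0"))
    ts = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return ts.replace(microsecond=micros, tzinfo=timezone.utc), msg


def analyze(log_text):
    """Total task duration and the longest silence between consecutive lines."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    if len(entries) < 2:
        raise ValueError("need at least two timestamped lines")
    total = (entries[-1][0] - entries[0][0]).total_seconds()
    gap, before, after = max(
        ((b[0] - a[0]).total_seconds(), a[1], b[1])
        for a, b in zip(entries, entries[1:])
    )
    return {"total_s": round(total, 3), "gap_s": round(gap, 3),
            "before": before, "after": after}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```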