Ensure fatal exceptions do not cause key regeneration (#8778)

fabiocav · web-flow · commit b82f7b265f4f · 2022-09-22T14:00:58.000-07:00
diff --git a/src/WebJobs.Script.WebHost/Security/SecretManager.cs b/src/WebJobs.Script.WebHost/Security/SecretManager.cs
@@ -95,7 +95,7 @@ public async virtual Task<HostSecretsInfo> GetHostSecretsAsync()
                         // so we read the secrets running them through the appropriate readers
                         hostSecrets = ReadHostSecrets(hostSecrets);
                     }
-                    catch (CryptographicException)
+                    catch (CryptographicException ex) when (!ex.InnerException.IsFatal())
                     {
                         _traceWriter.Verbose(Resources.TraceNonDecryptedHostSecretRefresh);
                         await PersistSecretsAsync(hostSecrets, null, true);
@@ -161,7 +161,7 @@ public async virtual Task<IDictionary<string, string>> GetFunctionSecretsAsync(s
                     // Read all secrets, which will run the keys through the appropriate readers
                     secrets.Keys = secrets.Keys.Select(k => _keyValueConverterFactory.ReadKey(k)).ToList();
                 }
-                catch (CryptographicException)
+                catch (CryptographicException ex) when (!ex.InnerException.IsFatal())
                 {
                     string messageNonDecrypted = string.Format(Resources.TraceNonDecryptedFunctionSecretRefresh, functionName);
                     _traceWriter.Info(messageNonDecrypted, traceProperties);

Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,7 @@ public async virtual Task<HostSecretsInfo> GetHostSecretsAsync()`
`95`	`95`	`// so we read the secrets running them through the appropriate readers`
`96`	`96`	`hostSecrets = ReadHostSecrets(hostSecrets);`
`97`	`97`	`}`
`98`		`- catch (CryptographicException)`
	`98`	`+ catch (CryptographicException ex) when (!ex.InnerException.IsFatal())`
`99`	`99`	`{`
`100`	`100`	`_traceWriter.Verbose(Resources.TraceNonDecryptedHostSecretRefresh);`
`101`	`101`	`await PersistSecretsAsync(hostSecrets, null, true);`
`@@ -161,7 +161,7 @@ public async virtual Task<IDictionary<string, string>> GetFunctionSecretsAsync(s`
`161`	`161`	`// Read all secrets, which will run the keys through the appropriate readers`
`162`	`162`	`secrets.Keys = secrets.Keys.Select(k => _keyValueConverterFactory.ReadKey(k)).ToList();`
`163`	`163`	`}`
`164`		`- catch (CryptographicException)`
	`164`	`+ catch (CryptographicException ex) when (!ex.InnerException.IsFatal())`
`165`	`165`	`{`
`166`	`166`	`string messageNonDecrypted = string.Format(Resources.TraceNonDecryptedFunctionSecretRefresh, functionName);`
`167`	`167`	`_traceWriter.Info(messageNonDecrypted, traceProperties);`