update

zhiyuanliang-ms · zhiyuanliang-ms · commit e11cbd0d4e5b · 2025-05-08T11:34:58.000+08:00
diff --git a/src/keyvault/AzureKeyVaultSecretProvider.ts b/src/keyvault/AzureKeyVaultSecretProvider.ts
@@ -31,21 +31,22 @@ export class AzureKeyVaultSecretProvider {
     }
 
     async getSecretValue(secretIdentifier: KeyVaultSecretIdentifier): Promise<unknown> {
-        // The map key is a combination of sourceId and version: "{sourceId}\n{version}"
+        // The map key is a combination of sourceId and version: "{sourceId}\n{version}".
         const identifierKey = `${secretIdentifier.sourceId}\n${secretIdentifier.version ?? ""}`;
+
+        // If the secret has a version, always use the cached value if available.
+        if (secretIdentifier.version && this.#cachedSecretValue.has(identifierKey)) {
+            return this.#cachedSecretValue.get(identifierKey);
+        }
+
         if (this.#refreshTimer && !this.#refreshTimer.canRefresh()) {
-            // return the cached secret value if it exists
+            // If the refresh interval is not expired, return the cached value if available.
             if (this.#cachedSecretValue.has(identifierKey)) {
-                const cachedValue = this.#cachedSecretValue.get(identifierKey);
-                return cachedValue;
+                return this.#cachedSecretValue.get(identifierKey);
             }
-            // not found in cache, get the secret value from key vault
-            const secretValue = await this.#getSecretValueFromKeyVault(secretIdentifier);
-            this.#cachedSecretValue.set(identifierKey, secretValue);
-            return secretValue;
         }
 
-        // Always reload the secret value from key vault when the refresh timer expires.
+        // Fallback to fetching the secret value from Key Vault.
         const secretValue = await this.#getSecretValueFromKeyVault(secretIdentifier);
         this.#cachedSecretValue.set(identifierKey, secretValue);
         return secretValue;
