Skip to content
Latchkey

Vault "context deadline exceeded" (timeout) in CI

The Vault client hit its request deadline before Vault responded. This is a timeout: slow network to a private Vault, a busy or failing-over node, or a VAULT_CLIENT_TIMEOUT set too low.

What this error means

A call fails with "context deadline exceeded (Client.Timeout exceeded while awaiting headers)" or "i/o timeout", often intermittently under load.

vault
Error making API request.

URL: GET https://vault.example.com/v1/secret/data/ci/app
Code: -1. Errors:

* Get "https://vault.example.com/v1/secret/data/ci/app": context deadline exceeded
  (Client.Timeout exceeded while awaiting headers)

Common causes

Network latency or a slow Vault node

A congested link to a private Vault, or a node under load or mid-failover, does not answer before the client deadline.

The client timeout is too short

A low VAULT_CLIENT_TIMEOUT aborts otherwise healthy requests during brief slowness.

How to fix it

Raise the client timeout and retry

  1. Increase VAULT_CLIENT_TIMEOUT to a value that tolerates normal latency.
  2. Wrap reads in a short retry with backoff.
  3. Confirm the runner has a good network path to Vault.
bash
export VAULT_CLIENT_TIMEOUT=30s
for i in 1 2 3; do vault kv get secret/ci/app && break; sleep 5; done

Target a healthy, reachable endpoint

Use the HA load balancer with health checks so requests avoid a slow or failing node.

.github/workflows/ci.yml
env:
  VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
  VAULT_CLIENT_TIMEOUT: '30s'

How to prevent it

  • Set a realistic VAULT_CLIENT_TIMEOUT for your network conditions.
  • Add short retries around secret reads to absorb transient slowness.
  • Front HA Vault with a health-checked load balancer.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →