GraphQL timeout error when loading Secrets Manager user permissions

Summary

The Secrets Manager user permissions list fails to load due to a request timeout error from the permissions endpoint.

Steps to reproduce

Enable Secrets Manager for a Project from Settings
Navigate to the Secrets Manager permissions section
Observe the timeout error when trying to load the user permissions list

What is the current bug behavior?

A timeout error occurs when attempting to load the Secrets Manager user permissions list. This error is not visible in the GitLab UI - it silently fails.

What is the expected correct behavior?

The Secrets Manager user permissions list should load successfully.

Relevant logs and/or screenshots

Screenshot:

Request and Response

Request Payload:

{
  "operationName": "secretPermissions",
  "variables": {
    "projectPath": "issue-reproduce/gitlab-secrets-manager-group/project-secrets"
  },
  "query": "query secretPermissions($projectPath: ID!) {\n  projectSecretsPermissions(projectPath: $projectPath) {\n    nodes {\n      expiredAt\n      grantedBy {\n        id\n        username\n        name\n        avatarUrl\n        webUrl\n        __typename\n      }\n      actions\n      principal {\n        id\n        type\n        userRoleId\n        user {\n          id\n          username\n          name\n          avatarUrl\n          webUrl\n          __typename\n        }\n        group {\n          id\n          name\n          avatarUrl\n          webUrl\n          __typename\n        }\n        __typename\n      }\n      project {\n        id\n        __typename\n      }\n      __typename\n    }\n    __typename\n  }\n}"
}

Response:

{
    "errors": [
        {
            "message": "Request timed out. Please try a less complex query or a smaller set of records."
        }
    ]
}

More details: #554928 (comment 2691590521)

Possible fixes

Batch loading - This was implemented in Optimize project member access loading with Bat... (!202493 - merged) but did not work. See #562240 (comment 2807185438)
Use new endpoint introduced in OpenBao 2.5.0 - This is covered by [Rails] List OpenBao policies in a single query (#585567 - closed).

Patch release information for backports

If the bug fix needs to be backported in a patch release to a version under the maintenance policy, please follow the steps on the patch release runbook for GitLab engineers.

Refer to the internal "Release Information" dashboard for information about the next patch release, including the targeted versions, expected release date, and current status.

High-severity bug remediation

To remediate high-severity issues requiring an internal release for single-tenant SaaS instances, refer to the internal release process for engineers.

Edited Jan 27, 2026 by Fabien Catteau