diff --git a/apisix/core/config_etcd.lua b/apisix/core/config_etcd.lua
index a38b2042fba8..a70fc45f9178 100644
--- a/apisix/core/config_etcd.lua
+++ b/apisix/core/config_etcd.lua
@@ -484,6 +484,40 @@ function _M.getkey(self, key)
 end
 
 
+local get_etcd
+do
+    local etcd_cli
+
+    function get_etcd()
+        if etcd_cli ~= nil then
+            return etcd_cli
+        end
+
+        local local_conf, err = config_local.local_conf()
+        if not local_conf then
+            return nil, err
+        end
+
+        local etcd_conf = clone_tab(local_conf.etcd)
+        etcd_conf.http_host = etcd_conf.host
+        etcd_conf.host = nil
+        etcd_conf.prefix = nil
+        etcd_conf.protocol = "v3"
+        etcd_conf.api_prefix = "/v3"
+
+        -- default to verify etcd cluster certificate
+        etcd_conf.ssl_verify = true
+        if etcd_conf.tls and etcd_conf.tls.verify == false then
+            etcd_conf.ssl_verify = false
+        end
+
+        local err
+        etcd_cli, err = etcd.new(etcd_conf)
+        return etcd_cli, err
+    end
+end
+
+
 local function _automatic_fetch(premature, self)
     if premature then
         return
@@ -495,7 +529,7 @@ local function _automatic_fetch(premature, self)
 
         local ok, err = xpcall(function()
             if not self.etcd_cli then
-                local etcd_cli, err = etcd.new(self.etcd_conf)
+                local etcd_cli, err = get_etcd()
                 if not etcd_cli then
                     error("failed to create etcd instance for key ["
                           .. self.key .. "]: " .. (err or "unknown"))
@@ -548,22 +582,11 @@ function _M.new(key, opts)
         return nil, err
     end
 
-    local etcd_conf = clone_tab(local_conf.etcd)
+    local etcd_conf = local_conf.etcd
     local prefix = etcd_conf.prefix
-    etcd_conf.http_host = etcd_conf.host
-    etcd_conf.host = nil
-    etcd_conf.prefix = nil
-    etcd_conf.protocol = "v3"
-    etcd_conf.api_prefix = "/v3"
-    etcd_conf.ssl_verify = true
-
-    -- default to verify etcd cluster certificate
-    if etcd_conf.tls and etcd_conf.tls.verify == false then
-        etcd_conf.ssl_verify = false
-    end
-
-    if not etcd_conf.resync_delay or etcd_conf.resync_delay < 0 then
-        etcd_conf.resync_delay = 5
+    local resync_delay = etcd_conf.resync_delay
+    if not resync_delay or resync_delay < 0 then
+        resync_delay = 5
     end
 
     local automatic = opts and opts.automatic
@@ -575,7 +598,6 @@ function _M.new(key, opts)
 
     local obj = setmetatable({
         etcd_cli = nil,
-        etcd_conf = etcd_conf,
         key = key and prefix .. key,
         automatic = automatic,
         item_schema = item_schema,
@@ -589,7 +611,7 @@ function _M.new(key, opts)
         prev_index = 0,
         last_err = nil,
         last_err_time = nil,
-        resync_delay = etcd_conf.resync_delay,
+        resync_delay = resync_delay,
         timeout = timeout,
         single_item = single_item,
         filter = filter_fun,
@@ -603,7 +625,7 @@ function _M.new(key, opts)
         ngx_timer_at(0, _automatic_fetch, obj)
 
     else
-        local etcd_cli, err = etcd.new(etcd_conf)
+        local etcd_cli, err = get_etcd()
         if not etcd_cli then
             return nil, "failed to start a etcd instance: " .. err
         end
diff --git a/rockspec/apisix-master-0.rockspec b/rockspec/apisix-master-0.rockspec
index 9394c2267733..c9e624c11a34 100644
--- a/rockspec/apisix-master-0.rockspec
+++ b/rockspec/apisix-master-0.rockspec
@@ -32,7 +32,7 @@ description = {
 
 dependencies = {
     "lua-resty-template = 1.9",
-    "lua-resty-etcd = 1.4.2",
+    "lua-resty-etcd = 1.4.3",
     "lua-resty-balancer = 0.02rc5",
     "lua-resty-ngxvar = 0.5",
     "lua-resty-jit-uuid = 0.0.7",
diff --git a/t/APISIX.pm b/t/APISIX.pm
index f9d5e4c179a9..e5da4a3066a8 100644
--- a/t/APISIX.pm
+++ b/t/APISIX.pm
@@ -303,6 +303,12 @@ _EOC_
             more_clear_headers Date;
         }
 
+        location = /v3/auth/authenticate {
+            content_by_lua_block {
+                ngx.log(ngx.WARN, "etcd auth failed!")
+            }
+        }
+
         location  = /.well-known/openid-configuration {
             content_by_lua_block {
                 ngx.say([[
diff --git a/t/core/config_etcd.t b/t/core/config_etcd.t
index ce158cf69a95..f8738872351c 100644
--- a/t/core/config_etcd.t
+++ b/t/core/config_etcd.t
@@ -231,3 +231,29 @@ GET /t
 passed
 --- no_error_log
 [error]
+
+
+
+=== TEST 7: ensure only one auth request per subsystem for all the etcd sync
+--- yaml_config
+apisix:
+  node_listen: 1984
+etcd:
+  host:
+    - "http://127.0.0.1:1980" -- fake server port
+  timeout: 1
+  user: root                    # root username for etcd
+  password: 5tHkHhYkjr6cQY      # root password for etcd
+--- config
+    location /t {
+        content_by_lua_block {
+            ngx.sleep(0.5)
+        }
+    }
+--- request
+GET /t
+--- grep_error_log eval
+qr/etcd auth failed/
+--- grep_error_log_out
+etcd auth failed
+etcd auth failed
diff --git a/t/node/healthcheck-passive.t b/t/node/healthcheck-passive.t
index b9299b93d13b..417041c303c4 100644
--- a/t/node/healthcheck-passive.t
+++ b/t/node/healthcheck-passive.t
@@ -56,7 +56,7 @@ __DATA__
                                     "interval": 100,
                                     "http_failures": 2
                                 }
-                            },
+                            },]] .. [[
                             "passive": {
                                 "healthy": {
                                     "http_statuses": [200, 201],
diff --git a/t/plugin/request-validation.t b/t/plugin/request-validation.t
index adac02673e1b..cc075cab186f 100644
--- a/t/plugin/request-validation.t
+++ b/t/plugin/request-validation.t
@@ -908,7 +908,7 @@ passed
                                 }
                             }
                         }
-                    },
+                    },]] .. [[
                     "upstream": {
                         "nodes": {
                             "127.0.0.1:1982": 1