mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-25 00:21:07 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/docs/agent-and-proxy/proxy/caching/persistent-caches/kubernetes.mdx
Erica Thompson 0660ea6fac
Update README (#31244) 
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

27 lines
1.5 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Use Kubernetes persistent cache - Vault Proxy
description: >-
Configure Vault Proxy to use Kubernetes for persistent cache.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# Use Kubernetes persistent cache
When `kubernetes` is configured for the persistent cache type, Vault Proxy will optimize the
persistent cache specifically for Kubernetes. This type of persistent cache requires a Kubernetes
service account token. The service account token is used during encryption and decryption of the
persistent cache as an additional integrity check.
The Vault Proxy persistent cache file in Kubernetes should only be used for handing off Vault tokens
and leases between initialization and sidecar Vault Proxy containers. This cache file should be shared
using a memory volume between the Vault Proxy containers.
## Configuration
- `service_account_token_file` `(string: optional)` - When type is set to `kubernetes`,
this configures the path on disk where the Kubernetes service account token can be found.
Defaults to `/var/run/secrets/kubernetes.io/serviceaccount/token`.
Reference in New Issue View Git Blame Copy Permalink